Following on from my previous post I thought I’d run through the updated capabilities of VSC 4.2 RBAC.
You can use a set of VSC-specific, standard vCenter Server roles for working with VSC tasks.
These roles provide the necessary vCenter native privileges and VSC-specific privileges to enable users to perform standard VSC tasks.
Previous releases of VSC offered limited RBAC options (vCenter & ONTAP), and customers requested more granular capabilities and roles specific to things like backup and recovery. With the 4.2 release there is full granular vCenter RBAC integration for all functions.
The first thing you will notice is a bunch of predefined roles. These are great to get started with and will generally suit most use cases.
OK, so let’s have a more detailed look at one of these roles:
You will notice the Read Only role requires access to a number of other vCenter functions for viewing. You can navigate through these, but I don’t recommend changing anything unless you specifically want to block something.
Here’s more detail on the VSC-specific privileges.
From here I can set up new roles with any combination of privileges. One of the most common is to give a vCenter user a restore-only capability from a storage snapshot. This can be defined at the single file, VM or datastore level.
Note: The VSC-specific View privilege, which is read-only, is required for a user to view the VSC GUI. Without this privilege, menus, tabs, and other elements of the GUI are not visible. If you do not have this privilege and click the NetApp icon from the Home View, you get an error message.
So, it’s now pretty simple to create and manage VSC roles and privileges and to delegate storage functions to vCenter users.