VMware vRealize Orchestrator 7.3 is out! (Release Notes) and the deployment and configuration process is now a lot slicker and easier to complete. In this HOWTO, we look at the the process of configuring Role Based Access Management within the Control Center.
There are three Pre-Defined Roles are:
- Administrator – Has access to All configuration menus.
- Tenant Admin – Has access to only to Role Based Access Management and Inspect Workflows.
- Consumer – Has access to only to Inspect Workflows.
Important things to remember that I discovered through testing are:
- You can no longer log on as root once you have configured an Authentication Provider.
- The Role Based Access Management configuration for the Control Center does not make any changes to user permissions or access within the Orchestrator client to be able to create or run workflows. This is for Control Center access only.
- Unless you used the the vsphere.local\Administrators group to be the Admin Group as part of the initial configuration for vSphere SSO. You would lose the ability to manage the initially log into Control Center resulting in a blank screen (see No Access under the Access Management Results below).
- The Admin group that is configured within the Authentication Provider settings that controls initial login:
As detailed within VMware vRealize Orchestrator 7.3 Documentation Center
- You can assign the Administrator role to vsphere.local\Administrators group through RBAM and then update the Authentication Provider Admin group to an Active Directory Group if desired.
- Successful deployment of the VMware vRealize Orchestrator 7.3 Appliance.
- Successful initial configuration of the VMware vRealize Orchestrator Control Center.
Using a web browser, navigate to https://vro.app.fqdn:8283/vco-controlcenter.
Enter the username as
email@example.com and associated password, then click Login.
Click Role Based Access Management.
Enter the name of the user/group into the User or Group textbox and click Search.
Select the appropriate user/group from the results list of the search.
Check the Administrator checkbox.
(optional) Add any additional users/groups to the different roles as required following the previous steps.
Click Sign out.
And that is VMware vRealize Orchestrator 7.3 Control Center RBAM configured with sample groups for each of the different roles.
Access Management Results
What does each users view of the Control Center look like? let’s take a quick look!
vRO Administrator View – Full Access
vRO Tenant Admin View – RBAM and Inspect Workflows
vRO Consumer View – Inspect Workflows
No Access Rights
Hope that helps!