Automation Service Broker 用户角色是什么
Automation Service Broker
用户角色是什么您在
Automation Service Broker
中的用户角色决定了您可以查看和执行的操作。有些角色是在服务组织级别定义的,而有些角色特定于 Automation Assembler
。 用户角色
在
VMware Aria Automation
控制台中为组织定义用户角色。有两种类型的角色:组织角色和服务角色。组织角色是全局的,适用于组织中的所有服务。将为用户分配组织所有者或组织成员角色。
有关组织、服务和自定义角色的详细信息,请从云用户角色开始。
Automation Service Broker
服务角色(是特定于服务的权限)也在控制台的组织级别分配。Service Broker Service
Roles
The
Automation Service Broker
service roles determine
what you can see and do in Automation Service Broker
. These service roles are defined in the console by an
organization owner.Role | Description |
|---|---|
Service Broker Administrator | Must have read and write access to the entire user
interface and API resources. This is the only user role that can
perform all tasks, including creating a new project and assigning a
project administrator. |
Service Broker User | Any user who does not have the Automation Service Broker Administrator role. In an Automation Service Broker project, the administrator adds users
to projects as project members, administrators, or viewers. The
administrator can also add a project administrator. |
Service Broker Viewer | A user who has read access to see information but
cannot create, update, or delete values. This is a read-only role
across all projects in all the services. Users with the
viewer role can see all the information that is available to the
administrator. They cannot take any action unless you make them
a project administrator or a project member. If the user is
affiliated with a project, they have the permissions related to
the role. The project viewer would not extend their permissions
the way that the administrator or member role does. |
In addition to the service roles,
Automation Service Broker
has project roles. Any project is available in all of the
services.The project roles are defined in
Automation Service Broker
and can vary between projects. In the following tables, which tells you what the different service and project roles
can see and do, remember that the service administrators have full permission on all
areas of the user interface.
Use the following descriptions of project roles will help you as you decide what
permissions to give your users.
- Project administrators leverage the infrastructure that is created by the service administrator to ensure that their project members have the resources they need for their development work.
- Project members work within their projects to design and deploy cloud templates. In the following table, Your projects can include only resources that you own or resources that are shared with other project members.
- Project viewers are restricted to read-only access.
- Project supervisors are approvers inAutomation Service Brokerfor their projects where an approval policy is defined with a project supervisor approver. To provide the supervisor with context for approvals, consider also granting them the project member or viewer role.
UI Context | Task | Service Broker Administrator | Service Broker Viewer | Service Broker User User must be a
project administrator to see and do project-related
tasks. | |||
|---|---|---|---|---|---|---|---|
Project Administrator | Project Member | Project Viewer | Project Supervisor | ||||
Access Service Broker
| |||||||
Console | In the console, you can see and open Service Broker | Yes | Yes | Yes | Yes | Yes | Yes |
Infrastructure
| |||||||
See and open the Infrastructure tab | Yes | Yes | |||||
Administration - Projects | Create projects | Yes | |||||
Update, or delete values from project summary, provisioning,
Kubernetes, integrations, and test project configurations. | Yes | ||||||
Add users and groups, and assign roles in projects. | Yes | Yes. Your projects. | |||||
View projects | Yes | Yes | Yes. Your projects | Yes. Your projects | Yes. Your projects | ||
Administration - Custom Roles | Create custom user roles and assign them to users and groups. | Yes | |||||
Administration - Custom Names | Create custom resource names. | Yes | |||||
Administration - Secrets | Create and delete secret reusable properties. | Yes | |||||
Administration - Settings | Turn on or off internal settings. | Yes | |||||
Administration - Users and Groups | View the users and groups assigned to custom roles. | Yes | |||||
Configure - Cloud Zones | Create, update, or delete cloud zones | Yes | |||||
View cloud zones | Yes | Yes | |||||
Configure - Kubernetes Zones | Create, update, or delete Kubernetes zones | Yes | |||||
View Kubernetes zones | Yes | Yes | |||||
Connections - Cloud Accounts | Create, update, or delete cloud accounts | Yes | |||||
View cloud accounts | Yes | Yes | |||||
Connections - Integrations | Create, update, or delete integrations | Yes | |||||
View integrations | Yes | Yes | |||||
Activity - Requests | Delete deployment request records | Yes | |||||
View deployment request records | Yes | ||||||
Activity - Event Logs | View event logs | Yes | |||||
Content and Policies
| |||||||
See and open the Content and Policies tab | Yes | Yes | |||||
Content Sources | Create, update, or delete content sources | Yes | |||||
View content sources | Yes | Yes | |||||
Content | Customize form and configure item | Yes | |||||
View content | Yes | Yes | |||||
Policies - Definitions | Create, update, or delete policy definitions | Yes | |||||
View policy definitions | Yes | Yes | |||||
Policies - Enforcement | View enforcement log | Yes | Yes | ||||
Notifications - Email Server | Configure an email server | Yes | |||||
Consume
| |||||||
See and open the Consume tab | Yes | Yes | Yes | Yes | Yes | Yes | |
Projects | See and search projects | Yes | Yes. Your projects | Yes. Your projects | Yes. Your projects | Yes. Your projects | Yes. Your projects |
Catalog | See and open the Catalog page | Yes | Yes | Yes | Yes | Yes | Yes |
View available catalog items | Yes | Yes | Yes. Your projects | Yes. Your projects | Yes. Your projects | ||
Request a catalog item | Yes | Yes. Your projects | Yes. Your projects | ||||
Deployments - Deployments | View deployments,
including deployment details, deployment history, price,
monitor, alerts, optimize, and troubleshooting information | Yes | Yes | Yes. Your projects | Yes. Your projects | Yes. Your projects | |
Manage alerts | Yes | Yes. Your projects | Yes. Your projects | ||||
Run day 2 actions on deployments based on policies | Yes | Yes. Your projects | Yes. Your projects | ||||
Deployments - Resources | View all discovered resources | Yes | Yes | ||||
Run day 2 actions on discovered resources. Actions available
only on machines and limited to power on and off for all
machines, and remote console for vSphere machines. | Yes | ||||||
Deployments - All Resources | View deployed, onboarded, migrated resources | Yes | Yes | Yes. Your projects. | Yes. Your projects. | Yes. Your projects. | |
Run Day 2 actions on deployed, onboarded, and migrated resources
based on policies | Yes | Yes | Yes. Your projects. | Yes. Your projects. | |||
Deployments - Virtual Machines | View discovered machines | Yes | Yes | ||||
Run day 2 actions on discovered machines. Actions are limited
to power on and off, and remote console for vSphere
machines. | Yes | ||||||
Create New VM This option is
available in Automation Service Broker if your administrator activates the
option. To activate the option, select .By activating the
option, Automation Service Broker users can create VMs based on any image
and any flavor even though they are not administrators
themselves. To avoid the potential overconsumption of resources,
administrators can create approval policies to reject or approve
any deployment requests based on the image used or the flavor or
size requested. | Yes | Yes. Your projects. | Yes. Your projects. | Yes. Your projects. | |||
View deployed, onboarded, and migrated resources. | Yes | Yes. Your projects. | Yes. Your projects. | Yes. Your projects. | |||
Run day 2 actions on deployed, onboarded, and migrated resources
based on policies | Yes | Yes. Your projects. | Yes. Your projects. | ||||
Deployments - Volumes | View discovered volumes | Yes | Yes | ||||
No day 2 actions available | |||||||
View deployed, onboarded, and migrated volumes | Yes | Yes | Yes. Your projects. | Yes. Your projects. | Yes. Your projects. | ||
Run day 2 actions on deployed, onboarded, and migrated volumes
based on policies | Yes | Yes. Your projects. | Yes. Your projects. | ||||
Deployments - Networking and Security | View discovered networks, load balancers, and security
groups | Yes | Yes | ||||
No day 2 actions available | |||||||
View deployed, onboarded, and migrated networks, load balancers,
and security groups | Yes | Yes | Yes. Your projects. | Yes. Your projects. | Yes. Your projects. | ||
Run day 2 actions on deployed, onboarded, and migrated networks,
load balancers, and security groups based on policies | Yes | Yes. Your projects. | Yes. Your projects. | ||||
Inbox
| |||||||
See and open the Inbox tab | Yes | Yes | |||||
Approvals | View approval requests | Yes | Yes | Yes | Yes | Yes | Yes |
Respond to approval requests | Yes | Yes. Your projects and the policy approver is Project
Administrator | Only if you are a named approver | Only if you are a named approver | Yes. Your projects and the policy approver is Project
Supervisor | ||
User Input Requests | View user input requests | Yes | Yes | Yes | Yes | ||
Respond to user input requests | Yes | Yes. Your projects and you are assigned to provide input | Only if you are assigned to provide input | ||||