VMware Aria Automation 8.16

8.18 8.17 8.16 8.14 8.13 all
Português (Brasil) 简体中文 Deutsch Español Français Italiano 日本語 한국어 Nederlands Русский 繁體中文 English

User role use case 2: Set up
VMware Aria Automation
 user roles to support larger development teams and the catalog

As a
VMware Aria Automation
 organization owner, you are responsible for managing the access and the budget for your infrastructure resources. You have a team of cloud template developers who iteratively create and deploy templates for different projects until they are ready to deliver to their consumers. You then deliver the deployable resources to the consumers in a catalog.
This use case assumes that you understand that use case 1 is an administrator-only use case. You now want to expand your system to support more teams and larger goals.
  • Let developers create and deploy their own application cloud templates during development. You add yourself as administrator, then add additional users with both the service user and the service viewer role. Next, you add the users a as project members. The project members can develop and deploy their own cloud templates.
  • Publish cloud templates to a catalog where you make them available for non-developers to deploy. Now you are assigning user roles for
    Automation Service Broker
    .
    Automation Service Broker
     provides a catalog for the cloud template consumers. You can also use it to create policies, including leases and entitlements, but that functionality is not part of this user role use case.
  1. Assign organization member roles to your cloud template developer users.
    If you need instructions, see the previous use case.
  2. Assign the
    Automation Assembler
     service member role to your cloud template developers.
    1. Click
      Add Service Access
      .
      Assembler role with administrator and viewer selected.
    2. Configure the user with the following value.
      Service
      Role
      Assembler
      Assembler User
      Assembler
      Assembler Viewer
      In this use case, your developers need to see the infrastructure to ensure that they are building deployable cloud templates. As users that you will assign as project administrators and project members in the next step, they cannot see the infrastructure. As service viewers they can see how the infrastructure is configured, but cannot make any changes. As the cloud administrator, you remain in control, but give them access to the information they need to develop cloud templates.
  3. Create projects in
    Automation Assembler
     that you use to group resources users.
    In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
    1. In the console, click
      Services
      , and then click
      VMware Aria Automation
      .
    2. In
      VMware Aria Automation
      , click
      Assembler
      .
    3. Select
      Infrastructure
      Projects
      New Project
      .
    4. Enter
      PersonnelAppDev
       as the name.
    5. Click
      Users
      , and then click
      Add Users
      .
    6. Add project members and assign a project administrator.
      Project Role
      Description
      Project User
      A project member is the primary developer user role in a project. Projects determine what cloud resources are available when you are ready to test your development work by deploying a cloud template.
      Project Administrator
      A project administrator supports their developers by adding and removing users for your projects. You can also delete your projects. To create a project, you must have service administrator privileges.
    7. For the users that you are adding as project members, enter the email address of each user, separated by a comma, and select
      User
       in the
      Assign role
       drop-down menu.
      For example, tony@mycompany.com,sylvia@mycompany.com.
      List of project members and the administrator.
    8. For the designated administrators, select
      Administrator
       in the
      Assign role
       drop-down menu and provide the necessary email address.
    9. Click the
      Provisioning
       tab and add one or more cloud zones.
      When the cloud template developers who are part of this project deploy a template, it is deployed to the resources available in the cloud zones. You must ensure that the cloud zone resources match the needs of the project development team templates.
    10. Repeat the process to add the PayrollAppDev project with the necessary users and an administrator.
  4. Provide the service user with the necessary login information and verify that the members of each project can do the following tasks.
    1. Open
      Automation Assembler
      .
    2. See the infrastructure across all projects.
    3. Create a cloud template for the project that they are a member of.
    4. Deploy the cloud template to the cloud zone resources defined in the project.
    5. Manage their deployments.
  5. Assign organization member roles to your cloud template developer users.
    If you need instructions, see the first use case.
  6. Assign roles to a catalog administrator, catalog consumers, and cloud template developers based on their job.
    1. Click
      Add Service Access
      .
    2. Configure the catalog administrator with the following value.
      This role might be you, the cloud administrator, or it might be someone else on your application development team.
      Service
      Role
      Service Broker
      Service Broker Administrator
    3. Configure the cloud template consumers with the following value.
      Service
      Role
      Service Broker
      Service Broker User
      Configure the service user.
    4. Configure the cloud template developers with the following value.
      Service
      Role
      Assembler
      Assembler User
  7. Create projects in
    Automation Assembler
     that you use to group resources and users.
    In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
    If you need instructions, see the previous use case.
  8. Create and release cloud templates for each project team.
    If you need instructions, see the first scenario.
  9. Import an
    Automation Assembler
     cloud template into
    Automation Service Broker
    .
    You must log in as a user with the
    Automation Service Broker
     Administrator role.
    1. Log in as a user with the
      Automation Service Broker
       Administrator role.
    2. In the console, click
      Services
      , and then click
      Service Broker
      .
    3. Select
      Content and Policies
      Content Sources
      , and click
      New
      .
      Configure the content source.
    4. Select
      VMware Cloud Templates
      .
    5. Enter
      PersonnelAppImport
       as the name.
    6. In the
      Source project
       drop-down menu, select PersonnelAppDev and click
      Validate
      .
    7. When the source is validated, click
      Create and Import
      .
    8. Repeat for PayrollAppDev using PayrollAppImport as the content source name.
  10. Share an imported cloud template with a project.
    Although the cloud template is already associated with a project, you create a sharing policy in
    Automation Service Broker
     to make it available in the catalog.
    1. Continue as a user with the
      Automation Service Broker
       administrator role.
    2. In
      Automation Service Broker
      , select
      Content and Policies
      Policies
      Definitions
      .
    3. Click
      New Policy
      , and then click
      Content Sharing Policy
      .
    4. Enter a
      Name
      .
    5. On the
      Scope
       list, select the
      PersonnelAppDev
       project.
    6. In the
      Content sharing
       section, click
      Add Items
      .
      Select the cloud templates for sharing.
    7. In the
      Share Items
       dialog box, select the
      PersonnelApp
       cloud template and click
      Save
      .
    8. In the
      Users
       section, select the project users and groups that you want to see the item in the catalog.
    9. Click
      Create
      .
  11. Verify that the cloud template is available in the
    Automation Service Broker
     catalog to the project members.
    1. Request that a project member log in and select
      Consume
      Catalog
      .
      Locate the catalog item.
    2. Click Request on the PersonnelApp cloud template card.
    3. Complete the form and click
      Submit
      .
  12. Verify that the project member can monitor the deployment process.
    1. Request that the project member select
      Consume
      Deployments
       and locate their provisioning request.
      Locate the deployment.
    2. When the cloud template is deployed, verify that the requesting user access the application.
  13. Repeat the process for the additional projects.
In this use case, recognizing that need to delegate the cloud template development to the developers, you add more organization members. You made them
Automation Assembler
 users. You then made them members of relevant projects so that they can create and deploy cloud templates. As project members, they cannot see or alter the infrastructure that you continue to manage, but you gave them full service viewer permissions sot that they could understand the constraints of infrastructure that they are designing for.
In this use case, you configure users with various roles, including the
Automation Service Broker
 administrator and users. You then provide the non-developer users with the
Automation Service Broker
 catalog.

Content feedback and comments