vCloud Director - Global tenant roles management
Since version 9.5, vCloud introduces rights bundles and global tenant roles which system administrators can use to manage the rights and roles that are available to each organization.
To manage vCloud Global tenant role, please login to https://VCLOUD_URL/provider/administration/access-control/global-roles with your system admin account (Zettagrid AD account).
Roles Terminology
- Role - A role is a set of rights that is assignable to one or more users and groups. When you create or import a user or group, you must assign it a role.
Tenant Roles - Tenant roles are the set of roles available to an organization.
System administrators can create and edit global tenant roles and publish them to one or more organizations. Global tenant roles can be assigned to tenant users in the organizations to which they are published. Organization administrators cannot edit global tenant roles. Global tenant roles can only be assigned to an Organisation but not to a vDC.
To apply the roles to a user:
- Ensure the role is already published to the org. If the role is not published,then publish it as described below.
- Assign the published role to the user.
Create new global tenant role
Click the "New" button to create a new global tenant role.
Select rights for this role and click "Save" to create the role. The new role now has been created but none of the Org can see this new role yet. We need to publish the role to organisations so that we can create uses under this role.
Publish/Unpublish global tenant role
Select the new role and click the "PUBLISH" button.
Turn on "Publish to Tenants" and you will see a list of all the Orgs. You can either enable "Publish to all Tenants" or just select the orgs you want to publish the role to. Click "SAVE" to finish publishing the role. If you want to unpublish the role from an Org, simply go back to this page and un-tick the Org then hit the "SAVE" button.