"User Level Access" - a new function introduced in FVE8.8. If you are running the VMware monitoring for your customers and want to grant them access for particular VMware resources (such as VM, Host, Resouce Pool, Cluster, Datacenter, vCenter they own), this will be a very handy.
Here is a use case example. Company "HostingX", a service provider who is providing compute resources to their customers. A customer "StartupY" purchased N virtual machines from the HostingX. The HostingX admin wants to grant the customer monitoring dashboard access for those N virtual mahinces so that the customer "StartupY" could see all the performance of the virtual machines.
Take a look at how to enable this in FVE8.8.
- "HostingX" administrator could manage the User-Level-Access for their users (say "test" for their "StarupY" customer) by granting them the "dashboard user" and "VMware operator" roles and assigning the VMware object to them through the "User Level Access" administration dashboard. After that, a service is automatically created based on the assignment.
- When the "test" user of "StartupY" login to Foglight, he/she will see the those resources his/her company purchased and drill down on the performance dashboards.
Detail steps screen captures:
1, The limited user should assign only “dashboard user” and “VMware operator” role.
2, On the Dashboards > VMware > VMware Environment dashboard, select Administration tab, then select the “User level Access” tab, the user level access configuration table appears. You can chooses enable this function for specific users or specific user groups on this table.
3, In the user level access table, click the “Configure” button, the Authorization Dialog appears, administrator can assign the VMware objects for the specific user/group, the limited user will see these assigned objects after they login to Foglight. In this dialog, if the selected object include sub objects, all of these sub objects will be selected automatically.
4, After objects assign finished, VMware cartridge will create a VMware user service for this user/group at background, and the user level access table will display the count of assigned objects by type.
5, In the user level access table, click the “Assigned Objects” button, will navigate to next page, this page will display all assigned objects and their sub objects.
6, Use the limited user or user within limited group login to Foglight, there has limited number of menus will display. Only “VMware Environment” menu provide for this user. On the Dashboards > VMware > VMware Environment dashboard, the user can select the service which created at step 4 only, the name of VMware user service is same as the user/group. The dashboard just display the assigned objects and limited number tabs(Monitoring, Alarms, FAQts ) for this user.
7, When the user selected specific object, him/her cannot click the Related Items navigate to any related objects at the right side of quick view.
8, When the user selected specific object and click the “Explore” button in the top right corner of quick view, the dashboard will navigate to VMware explore dashboard, the VMware explore dashboard also display the assigned object(include their sub objects) and limited number tabs only.