This blog was originally posted on VMware’s Cloud Management Blog.
As you expand the reach of vRealize Operations Manager outside the realm of vSphere and down the stack into your compute, network and storage infrastructure and up the stack in databases, middleware, and applications, you’ll quickly find the need to create custom groups within vRealize Operations to limit access to data by job role.
In this blog, we’ll create a custom group in vRealize Operations Manager for Microsoft SQL DBAs. By the end we’ll have a SQL DBA group within vRealize Operations that limits access to only the resources from the Blue Medora vROps Management Pack for Microsoft SQL Server. These same steps can be used to provide access control for other roles within your organization.
Figure 1 – Navigating to User Groups
Next, we click on the green plus symbol to create a new group. Enter a name for the new group, along with an optional description. Click Next.
Figure 2 – Creating a group
Next, we’ll identify which users should be a member of this group. We can always add more users at a later time.
Figure 3 – Adding users to the group
Then, we’ll select a role for this group. We won’t delve into vRealize Operations Manager roles in this blog. For this example, let’s use the built-in ReadOnly role for our SQL DBA’s — we don’t want them messing anything up!
Figure 4 – Assigning roles to the group
Next, in the Objects tab, we will select the objects that this group will have access to. For our SQL DBAs, I’ve given them access to ourMS SQL Server Always On Availability, MS SQL Server Environment, and our VMware to SQL Server Object Hierarchies. This will allow them to see all of the resources in those inventory trees.
Figure 5 – Giving access to objects
Next, click Finish. You’re done!
Now you have a SQL DBA group to grant your SQL DBAs access to only Microsoft SQL objects within vRealize Operations. These same steps can be used to grant access to other groups of users within your organization.