User Permissions: Staying Secure with vROps

by bluemedora_editor on June 21, 2016

VMware’s vRealize Operations (vROps) uses user accounts and access controls in a number of different ways. Secure monitoring and restricting access to particular sections of information by managing user permissions are just a few of the options we will discuss.

The majority of vRealize Operations management packs require a service or admin account to authenticate to the internal vROps REST API. The default admin account can provide this functionality, but using it is not considered ideal for network security.

Figure 1 – Using the default vRealize admin account for authentication

Creating a Service Account

A better approach is to create a service account whose only purpose is to authenticate to the internal REST API. This, like all user configuration within vROps, is done in the Access Control tab, which can be reached by navigating to Administration, then Access Control, as seen below in Figure 2.

Figure 2 – The Access Control tab of vROps

User Permissions with Groups

Another useful configuration is groups. These can be accessed by navigating to Administration -> Access Control -> User Groups. With groups you could, for example, add all of the members of the data center team to a single group, then allow that group access to all NetApp dashboards and alerts, but deny it access to SAP dashboards and alerts. In this way, when a data center user logs in to vROps, they are presented only with alerts pertaining to NetApp.

Figure 3 – User groups in vRealize Operations

User Permissions with Roles

If groups are too broad a configuration, or if you want to customize access even further, vROps Roles could be the answer. Within Roles you can create new roles or modify existing ones, granting a wide range of rights and privileges. It is then as simple as assigning a role to a newly created user to grant that user all of the rights and privileges within it.

Figure 4 – Roles in vRealize Operations

Depending on the desired outcome, one or a combination of these approaches could be used to lock down your vROps cluster and protect your sensitive data. With the user-friendly interface, even beginner admins should have no issue customizing the system to suit their needs while still keeping their security on lockdown.

This blog post first appeared on the VMware Cloud Management Blog.