How to create new users to access the portal and define roles in Performance Cloud VMware (NSX-T)


TABLE OF CONTENTS

Notes

By default, one (1) Organization Administrator is created when the Performance Cloud VMware service is enabled.

 

If you currently use an external identity manager to access the Performance Cloud VMware portal, like Microsoft Entra ID, you may not need to follow this article to create users to access the portal. Refer to this article for more information about using a SAML Identity Provider to access the portal.


Predefined user roles are read-only. If these roles don't meet your needs, you can create custom roles to assign to users. Be careful when working with roles. Be sure to always keep one (1) Organization Administrator.

Built-in Roles Definition

  • Catalog Author

    Most features are hidden for Catalog Authors. Users with this role cannot see virtual machines or vApps. The rights associated with the predefined Catalog Author role allow a user to create and publish catalogs including the upload of ISO files and the import of OVF/OVA templates.


  • Console Access Only

    Users with this role has read-only permissions on virtual machines and vApps (cannot change VMs resources and cannot even power on VMs). This is the minimum right required to access a running virtual machine console and use a guest operating system through the portal. Once the VM console opened, the user can use proper local or network credentials, configured inside virtual machines guest OS or Active Directory.


  • vApp User

    The rights associated with the predefined vApp User role allow a user to use existing vApps. vApp Users have read-write access on vApps and virtual machines on which the user is set as an owner. Useful to delegate management to only some vApps and virtual machines.


  • vApp Author

    The rights associated with the predefined vApp Author role allow a user to use catalogs and create vApps. vApp Authors have same rights as vApp Users but can also create new vApps.and virtual machines using ISO files or templates published in a catalog (as long as the catalog is properly shared)

     
  • Organization Administrator

    Default role with the main features enabled. Users with this role can create / delete / modify vApps, virtual machines, networks, firewall rules, catalogs. Organization Administrators can also access the Administration tab (including creation of users and custom roles) and the tab named “Data Protection with Veeam” to manage backups.


  • Organization Administrator + API Explorer

    Same rights as the Organization Administrator role with the API Explorer feature enabled.
    This role will only be displayed if you asked us to enable the API Explorer. See this article for details.

How to create a custom user role


METHOD 1 – CREATION

  1. Login to the Performance Cloud VMware portal using your credentials.
     
  2. Click on the Administration tab




  3. Under Access Control, click on Roles, and then on NEW.

    Graphical user interface, text, application, email, website

Description automatically generated


  4. Name your new role and enter a description.
    Browse the various categories and check the desired permissions for this role.
    Then click on SAVE.

    Example:

    Graphical user interface, text, application, email

Description automatically generated



METHOD 2 – CLONE
 

  1. Login to the Performance Cloud VMware portal using your credentials.
     
  2. Click on the Administration tab




  3. Under Access Control, click on Roles, then select a source role and click on CLONE.

    Graphical user interface, text, application, website

Description automatically generated


  4. Edit the name and description of the new role.

    Browse the various categories and customize the permissions for the new role and click on SAVE.

    Graphical user interface, text, application, email

Description automatically generated

How to create new users to access the portal

  1. Login to the Performance Cloud VMware portal using your credentials.
     
  2. Click on the Administration tab




  3. Under Access Control, click on Users, and then on NEW.




  4. At a minimum, enter the username, the password twice and the desired role for the new user. The username can be an email address.

    If you plan to use quota, you can let the feature enabled and set the desired quota for the user at the bottom.
    If you do not plan to use quota, you can disable the feature on users.

    Then, click on SAVE.

    Graphical user interface, application

Description automatically generated


    For more users to create, repeat steps 3 & 4.
      

You can now login to the Performance Cloud VMware portal using new users.

References

https://docs.vmware.com/en/VMware-Cloud-Director/10.5/VMware-Cloud-Director-Service-Provider-Admin-Guide/GUID-AE42A8F6-868C-4FC0-B224-87CA0F3D6350.html