Return-Path: 
 <issues-return-30887-apmail-cloudstack-issues-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-issues-archive@www.apache.org
Delivered-To: apmail-cloudstack-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 4EBBF10030
	for <apmail-cloudstack-issues-archive@www.apache.org>;
 Mon,  4 Nov 2013 06:47:21 +0000 (UTC)
Received: (qmail 40617 invoked by uid 500); 4 Nov 2013 06:47:21 -0000
Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org
Received: (qmail 40366 invoked by uid 500); 4 Nov 2013 06:47:20 -0000
Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:issues@cloudstack.apache.org>
List-Id: <issues.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list issues@cloudstack.apache.org
Received: (qmail 40337 invoked by uid 500); 4 Nov 2013 06:47:20 -0000
Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org
Received: (qmail 40321 invoked by uid 99); 4 Nov 2013 06:47:19 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Nov 2013 06:47:19 +0000
Date: Mon, 4 Nov 2013 06:47:19 +0000 (UTC)
From: "Sailaja Mada (JIRA)" <jira@apache.org>
To: cloudstack-issues@incubator.apache.org
Message-ID: <JIRA.12677315.1383547519893.14884.1383547639425@arcas>
In-Reply-To: <JIRA.12677315.1383547519893@arcas>
References: <JIRA.12677315.1383547519893@arcas>
Subject: [jira] [Updated] (CLOUDSTACK-5030) [Doc] Document the Procedure to
 create custom role in vCenter for CloudPlatform
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/CLOUDSTACK-5030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Mada updated CLOUDSTACK-5030:
-------------------------------------

    Labels: doc  (was: )

> [Doc] Document the Procedure to create custom role in vCenter for CloudPlatform
> -------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5030
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5030
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Doc
>    Affects Versions: 4.2.1
>            Reporter: Sailaja Mada
>              Labels: doc
>             Fix For: 4.2.1
>
>
> Steps:
> Procedure to create custom role in vCenter for CloudPlatform is described below:
> Requirement
> Elaborate minimal permissions required for a user account to be used by CloudPlatform.
> Back ground
> To manage VMware deployments, CloudPlatform need permissions for the role to manage infrastructure resources as the minimal i.e,
>     Manage cluster/host
>     Manage datastore/disks/files
>     Manage port groups
>     Manage dvPort groups
>     Manage templates
>     Import appliance
>     Export a template
>     Manage VM
>     Manage snapshot of VM
>     Manage custom field
> Solution
> Hence the idea is to create a role with above required minimal permissions and assign this custom role to the user designated to be used by CloudPlatform.
> For more robust implementation of this, the permissions could be divided into 2 roles where as each role (mapped with a user) is added to relevant object in vCenter infrastructure.
>     Global role
>         This is for custom attribute management - User with this role would be added to vCenter object WITHOUT propagation to child objects.
>     Datacenter role
>         This is for datacenter management - User with this role would be added to each of Datacenter object, WITH propagation to child objects, to be managed by this user.
>  
> Detailed list of granualar permissions to be added to the global role to be used for CloudPlatform is below.
>     Global.Manage custom attributes
>     Global.set custom attributes 
> Detailed list of granualar permissions to be added to the datacentre role to be used for CloudPlatform is below. 
>     Datastore.AllocateSpace
>     Datastore.Browse
>     Datastore.Configure
>     Datastore.Remove file
>     Datastore.FileManagement (Low level file operations and Update virtual machine files)
>     dvPort group.Create
>     dvPort group.Modify
>     dvPort group.Policy
>     dvPort group.Delete
>     Folder.Create folder 
>     Folder.Delete folder
>     Network.Assign
>     Network.Configure
>     Network.Remove
>     Resource.HotMigrate (Migrate powered on vm)
>     Resource.ColdMigrate (Migrate powered off vm)
>     Resource.Assign virtualmachine to resource pool
>     Resource.Assign vApp to resource pool
>     Sessions.Validatesession
>     Host.Configuration.Connection
>     Host.Configuration.Security profile and firewall
>     Host.Configuration.Maintenance
>     Host.Configuration.Storage partition configuration
>     Host.Configuration.SystemManagement
>     Host.LocalOperations.Create Virtual Machine
>     Host.LocalOperations.Delete Virtual Machine
>     Host.LocalOperations.Reconfigure Virtual Machine
>     Host.LocalOperations.Relayout Snapshots
>     vApp.Export
>     vApp.Import
>     VirtualMachine.Config.AddExistingDisk
>     VirtualMachine.Config.AddNewDisk
>     VirtualMachine.Config.AdvancedConfig
>     Virtualmachine.Configuration.Add or remove device
>     Virtualmachine.Configuration.Change CPU Count
>     Virtualmachine.Configuration.Change Resource
>     Virtualmachine.Configuration.Extend Disk
>     Virtualmachine.Configuration.Memory
>     Virtualmachine.Configuration.Modify Device Setting
>     Virtualmachine.Configuration.Reload from path
>     Virtualmachine.Configuration.Rename
>     Virtualmachine.Configuration.Remove disk
>     Virtualmachine.Configuration.Set annotation
>     Virtualmachine.Configuration.Settings
>     Virtualmachine.Interaction.Answer question
>     Virtualmachine.Interaction.Power Off
>     Virtualmachine.Interaction.Power On
>     VirtualMachine.Interaction.Reset
>     Virtualmachine.Interaction.VMware Tools install
>     VirtualMachine.Inventory.Create (New and from existing)
>     VirtualMachine.Inventory.Register
>     VirtualMachine.Inventory.Unregister
>     VirtualMachine.Inventory.Remove
>     VirtualMachine.Inventory.Move
>     Virtualmachine.Provisioning.Allow file access
>     Virtualmachine.Provisioning.Allow file upload
>     Virtualmachine.Provisioning.Allow file download
>     Virtualmachine.Provisioning.Mark as template
>     Virtualmachine.Provisioning.Clone template
>     Virtualmachine.Provisioning.Clone virtualmachine
>     Virtualmachine.Provisioning.Deploy template
>     Virtualmachine.Provisioning.Create template from virtual machine
>     Virtualmachine.Provisioning.Mark as template
>     Virtualmachine.State.Create snapshot
>     Virtualmachine.State.Remove Snapshot
>     Virtualmachine.State.Revert to snapshot
>     vSphereDistributedSwitch.Policy operation
>     vSphereDistributedSwitch.Port configuration operation
>     vSphereDistributedSwitch.Port setting 



--
This message was sent by Atlassian JIRA
(v6.1#6144)