Lab 5 - Manage Multi-Level Administrators
This lab introduces you to Red Hat Enterprise Virtualization's multi-level administration system. Multi-level administration presents a hierarchy of permissions that can be configured to provide finely grained levels of permissions as required by your enterprise. You have already been partially introduced to this system when you granted permissions to users on virtual machines and data centers in
Lab 4 - Power User Portal.
Permissions enable users to perform actions on objects, where objects are either individual objects or container objects. Any permissions that apply to a container object also apply to all members of that container. For example, when a host administrator role is applied to a user on a specific host, the user will have permissions to perform any of the available host operations, but on the assigned host only. However, if a host administrator role is applied on a data center to a user, the user will gain permissions to perform host operations on all hosts within the cluster of the data center. If there are additional host clusters in the data center, the user will not be able to make changes to the hosts.
This lab takes you through the tasks necessary to assign permissions for users to make configuration changes in the administration portal. This lab should take you about 10 minutes.
1. Define Storage Administrator
A Storage Administrator can manage, create and remove storage domains. This is useful in an enterprise where there are multiple storage domains, each of which require their own system administrators. A Storage Administrator has permissions for the assigned storage domain only, not for all storage domains in the enterprise.
To assign user permissions, log in to the Red Hat Enterprise Virtualization Manager administration portal as the SuperUser. In this example, SuperUser permissions have been assigned to admin
.
To assign a system administrator role to a storage domain
Navigate to the Tree pane and click the Expand All button. Under Default, click Storage. The available storage domains displays in the Storage tab.
Select the storage domain that you want to assign users to and click the Permissions subtab on the details pane. This example uses the local-iso-share
domain.
Click Add to add an existing user. The Add Permission to User dialog displays. Enter rhevuser in the Search textbox, and click Go.
Tick the checkbox of
rhevuser
. Select the
Assign role to user drop-down list and select
StorageAdmin.
Click OK. The name of the user displays in the Permissions tab, with an icon and the assigned role.
You have now assigned administrative privileges for the local-iso-domain
storage domain to the user named rhevuser
. Next, you will assign PowerUserRole permissions for the same user.