
Lab 5 - Manage Multi-Level Administrators

This lab introduces you to Red Hat Enterprise Virtualization's multi-level administration system. Multi-level administration presents a hierarchy of permissions that can be configured to provide finely grained levels of permissions as required by your enterprise. You have already been partially introduced to this system when you granted permissions to users on virtual machines and data centers in Lab 4 - Power User Portal.
Permissions enable users to perform actions on objects, where objects are either individual objects or container objects. Any permissions that apply to a container object also apply to all members of that container. For example, when a host administrator role is applied to a user on a specific host, the user will have permissions to perform any of the available host operations, but on the assigned host only. However, if a host administrator role is applied on a data center to a user, the user will gain permissions to perform host operations on all hosts within the cluster of the data center. If there are additional host clusters in the data center, the user will not be able to make changes to the hosts.
This lab assumes that you have successfully completed the basic labs of Section 1, “Track A: Standard Setup” or Section 2, “Track B: Minimal Setup”. You should have correctly installed and configured Red Hat Enterprise Virtualization, and have several user accounts in either the IPA or the AD domain.
Lab 5 - Objectives
This lab takes you through the tasks necessary to assign permissions for users to make configuration changes in the administration portal. This lab should take you about 10 minutes.
Section 1, “Define Storage Administrator” shows you how to assign StorageAdmin permissions for a virtual machine to a user. (2 minutes)
Section 2, “Define Virtual Machine Administrator” shows you how to assign PowerUserRole permissions for a virtual machine to a user. (2 minutes)
Section 3, “Verify User Permissions” shows you how to log in to the User Portal and perform a few functions to verify the relevant user privileges have been assigned. (3 minutes)
Section 4, “Create Custom Roles” shows you how to create a custom role and define permissions for the role. (3 minutes)
Lab 5 - Requirements
In addition to the requirements stipulated in Section 1.1, “Track A Requirements” (for Track A) or Section 2.1, “Track B Requirements” (for Track B), ensure that you have at least two users in an external directory service.

1. Define Storage Administrator

A Storage Administrator can manage, create and remove storage domains. This is useful in an enterprise where there are multiple storage domains, each of which requires its own system administrators. A Storage Administrator has permissions for the assigned storage domain only, not for all storage domains in the enterprise.
To assign user permissions, log in to the Red Hat Enterprise Virtualization Manager administration portal as the SuperUser. In this example, SuperUser permissions have been assigned to admin.
To assign a system administrator role to a storage domain
  1. Navigate to the Tree pane and click the Expand All button. Under Default, click Storage. The available storage domains display in the Storage tab.
  2. Select the storage domain that you want to assign users to and click the Permissions subtab on the details pane. This example uses the local-iso-share domain.
  3. Click Add to add an existing user. The Add Permission to User dialog displays. Enter rhevuser in the Search textbox, and click Go.
  4. Tick the checkbox of rhevuser. Select the Assign role to user drop-down list and select StorageAdmin.
    Figure 39. Add StorageAdmin permission

  5. Click OK. The name of the user displays in the Permissions tab, with an icon and the assigned role.
You have now assigned administrative privileges for the local-iso-share storage domain to the user named rhevuser. Next, you will assign PowerUserRole permissions for the same user.
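
The scoping rule from the lab introduction (a role on a container applies to its members) and the single-domain StorageAdmin grant made above can be modelled in a few lines. This is an added example, not Red Hat code and not part of the original lab: the object tree, the users hostop1 and hostop2, the names cluster-1, host-a, host-b and data-store-1, and the use of HostAdmin for the "host administrator role" are assumptions made for illustration.

```python
# Constructed model of container/member permission scoping; not RHEV Manager code.
OBJECTS = {  # name: (kind, container) -- sample tree, names mostly made up
    "Default": ("datacenter", None),
    "cluster-1": ("cluster", "Default"),
    "host-a": ("host", "cluster-1"),
    "host-b": ("host", "cluster-1"),
    "local-iso-share": ("storage", "Default"),
    "data-store-1": ("storage", "Default"),
}
# Kind of object each role's operations act on (assumed mapping).
ROLE_KIND = {"StorageAdmin": "storage", "HostAdmin": "host"}

# (user, role, object the role was assigned on) -- constructed sample data
ASSIGNMENTS = [
    ("rhevuser", "StorageAdmin", "local-iso-share"),
    ("hostop1", "HostAdmin", "host-a"),
    ("hostop2", "HostAdmin", "Default"),
]

def containers(obj):
    """Yield obj, then every container above it in the tree."""
    while obj is not None:
        yield obj
        obj = OBJECTS[obj][1]

def effective_roles(user, obj, assignments=ASSIGNMENTS):
    """Roles the user holds on obj, assigned directly or on a container."""
    scope = set(containers(obj))
    return {r for u, r, target in assignments if u == user and target in scope}

def reach(user, role, assignments=ASSIGNMENTS):
    """Objects of the role's kind on which the user can actually use it."""
    kind = ROLE_KIND[role]
    return sorted(name for name, (k, _) in OBJECTS.items()
                  if k == kind and role in effective_roles(user, name, assignments))

def container_grants(assignments=ASSIGNMENTS):
    """Assignments made on a container: these fan out and deserve review."""
    has_members = {parent for _, parent in OBJECTS.values() if parent}
    return [a for a in assignments if a[2] in has_members]

if __name__ == "__main__":
    for user, role, target in ASSIGNMENTS:
        print(f"{user}: {role} on {target} -> usable on {reach(user, role)}")
    print("grants on containers:", container_grants())
```

Running it shows rhevuser's role reaching only local-iso-share, while the data-center-level grant reaches both hosts and is the one listed for review.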