Create and Modify Roles

You can create or modify roles to allow users to perform certain tasks and access specific content.

Note: You can edit all predefined roles except the Super Admin role. You can clone the Super Admin role and then modify the cloned role.

Prerequisites

Verify that you are logged in to the VMware Aria Operations for Logs web user interface as a Super Admin user, or a user associated with a role that has the Access control permission with Edit access level. The URL format of the web user interface is https://operations-for-logs-host, where operations-for-logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.

Procedure

Expand the main menu and navigate to Management > Access Control.
Click Roles.
Click New Role or the pencil icon to edit an existing role.
Modify the Name and Description text boxes.

Select one or more permissions and their corresponding access levels from the Permissions list. Permissions have main categories and sub-categories within each main category.

The following access levels are available:

Full Access: Provides view and edit access to all the sub-categories for a permission. For example, if you select the Full Access check box against the Management permission, the users associated with the role can view and edit clusters, hosts, agents, and the rest of the sub-categories in the Management section.
No Access: Does not provide view or edit access to the corresponding sub-category in a permission.
View: Provides view access to the corresponding sub-category in a permission.
Edit: Provides view and edit access to the corresponding sub-category in a permission.

Note: Some permissions do not have all access levels due to absence of use cases. For example, you do not have the Edit access level for content pack dashboards. Similarly, you do not have the No Access access level for extracted fields in the Explore Logs page.

The following permissions are available:

Permission	Description
Management	Can view or modify information corresponding to the selected sub-categories, in the Management section: System monitor Cluster Access control Hosts Agents Certificates Licenses
Configuration	Can view or configure information corresponding to the selected sub-categories, in the Configuration section: General Configuration Authentication Configuration Time Configuration SMTP Configuration SSL Configuration Proxy Configuration
Log Management	Can view or manage information corresponding to the selected sub-categories, in the Log Management page: Log Masking Log Filtering Log Forwarding Index Partitions
Integrations	Can view or configure the integration of VMware Aria Operations for Logs with the products corresponding to the selected sub-categories, in the Integration section: vSphere Integration VMware Aria Operations Integration NSX Identity Firewall Integration Operations for Logs(SaaS) Integration
Content Packs	Can view or manage content packs in the Content Packs page.
Alerts	Can view, create, or modify alerts in the Alerts page or perform alert-related activities from the Explore Logs page.
Explore Logs	Can view or modify information corresponding to the selected sub-categories in the Explore Logs page: Explore Logs Extracted Fields Export
Dashboards	Can view or modify information corresponding to the selected sub-categories in the Dashboards page: User Dashboards Shared Dashboards Content Pack Dashboards Shared Dashboard URLs Scheduled Reports

(Optional) From the Data Sets list, select a data set to associate with the user role.
Click Save.

Results

The role appears in the Roles tab of the Access Control page, with information such as name, description, data sets, and so on.

To view the user accounts associated with any role, click Show Users against the role.
To view the permissions associated with any role, click Show Permissions against the role.

What to do next

You can associate a user account or group with the role. For more information, see: