The content in this section is specific to using the VMware Cloud Services Console in conjunction with VMware Carbon Black Cloud.
What is the VMware Cloud Services Console?
The VMware Cloud Services Console is a unified console for accessing VMware’s cloud product offerings. VMware Carbon Black Cloud is one of many services that can be accessed, configured, and consumed through this console. VMware Carbon Black Cloud on VMware Cloud Services Platform requires the use of certain VMware Cloud Services features in place of similar features built into prior versions of the Carbon Black Cloud product.
Organizations and Services in the Cloud Services Console
Customers are provided access to one or more Organizations on the VMware Cloud Services Console. An Organization is a group of users who are granted roles to access specific products. These Organizations serve as units of isolation that allow administrators to enable specific products and configure access management.
Specific products are known in the Cloud Services Console as Services; VMware Carbon Black Cloud is therefore a Service available on the VMware Cloud Services Console.
Identity Management in the Cloud Services Console
The Organizations on the Cloud Services Console are used for all Identity and Access Management functionality within the VMware Carbon Black Cloud product. Specific examples include:
- Granting access to users or groups.
- Creating custom roles for user access and API access.
- Assigning roles to users or groups.
- Configuring SAML 2.0 identity federation with your corporate identity provider.
- Configuring API access to the Carbon Black Cloud via OAuth 2.0 Apps or API Tokens.
Administrative users within an organization can grant several types of roles to other users and groups to provide appropriate access to the Cloud Services organization and the VMware Carbon Black Cloud.
There are three types of roles supported on the Cloud Services Console.
- Organization Roles: These roles determine the capabilities that the user has on the VMware Cloud Services Console.
- Service Roles: VMware Carbon Black Cloud-specific roles that determine the capabilities that a user has in the VMware Carbon Black Cloud product.
- Custom Roles: Customers have the ability to define custom roles as alternatives to the pre-set Service Roles that determine the capabilities users will have in VMware Carbon Black Cloud.
It is mandatory to assign an Organization Role along with either a Service Role or an appropriately configured Custom Role to successfully grant users access to the VMware Carbon Black Cloud. Roles can be assigned directly to individual users or indirectly to groups of users.
Organization roles are divided into two core types:
- Organization Owner: the core administrative role that allows the user to modify organization settings around identity and access management.
- Organization Member: an end-user role that grants users access to the organization without the ability to modify organization settings.
Service Roles for VMware Carbon Black Cloud
VMware Carbon Black Cloud provides several predefined user roles that govern access capabilities and privileges within the VMware Carbon Black Cloud product. In keeping with the terminology of the VMware Cloud Services Console, these are known as Service Roles. These include:
- View All
- Analyst 1
- Analyst 2
- Analyst 3
- System Admin
- Super Admin
Customers also have the ability to define Custom Roles that can be assigned for user access and API access. These roles are constructed by specifying permissions to provide more granular access for specific scenarios.
The content in this section is specific to the VMware Cloud services features in relation to Carbon Black Cloud, and provides more detail on the aforementioned feature capabilities.
See Using VMware Cloud Services Console for information specific to VMware Cloud Services Console™ not related to Carbon Black Cloud.