Starting with VMware Cloud Director 10.5.1, you can manage tenant access to BGP configuration settings on your provider gateways.

You can assign different tenant permissions for the four BGP configuration items. There are three levels of access that you can assign for each of these items - Provider Only, View, or Manage. After creating a permissions group for a specific organization, you can edit the permissions that you assigned as necessary.

A view of the BGP permission group settings for a private provider gateway that uses IP spaces. The permission for BGP neighbor is set to View, the permission for community lists is set to Manage, and the permissions for IP prefix lists and route maps are set to Provider Only.

Note: For a tenant user to view and manage BGP components, their role must include the Limited Provider Gateway BGP: View and the Limited Provider Gateway BGP: Manage rights.

Prerequisites

  • Verify that you have the Provider Gateway Routing: View and Provider Gateway Routing: Manage rights assigned to you.
  • Verify that the provider gateway is using IP spaces.
  • Verify that the provider gateway is private (dedicated to a single organization).

Procedure

  1. From the top navigation bar, select Resources and click Cloud Resources.
  2. In the left pane, click Provider Gateways.
  3. Click the provider gateway.
  4. Click BGP and click Permission Groups.
  5. Click New.
  6. Enter a name and, optionally, a description for the permissions group.
  7. From the drop-down menu for each of the 4 BGP components, select the level of access that you want to provide to the organization.
    The default permission setting for each component is Provider Only, which provides no tenant access to BGP configuration settings.

    You can choose different permission settings for the different BGP components.

    • If you don't want to prevent any tenant access to the component, leave the Provider Only selection.
    • If you want to grant the organization a permission to view the component, select View.
    • If you want to grant the organization a permission to edit the settings for the componet, select Manage.
  8. Click Save.

What to do next

If necessary, you can edit the BGP permissions for each component of the permissions group.