You assign roles in SDDC Manager to Active Directory security groups. You can later assign access to users by adding them to that groups.
You assign access to Active Directory security groups for all three roles in SDDC Manager:
Admin
Operator
Viewer
UI Procedure
- Log in to SDDC Manager at https://<sddc_manager_fqdn> as [email protected].
For VMware Cloud Foundation 4.4 or earlier, in the navigation pane, click
.For VMware Cloud Foundation 4.5 or later, in the navigation pane, click
.On the Manage users page, click the Add user or group button.
On the Add user or group page, in the search text box, enter the name of the group.
In the table, under the User / group name column, select the check box next to the group.
In the Role column, from the drop down menu, select a role for the group and click Add.
Repeat the procedure for the remaining SDDC Manager roles.
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $domainFqdn = "sfo.rainpole.io" $domainBindUserVsphere = "svc-vsphere-ad" $domainBindPassVsphere = "VMw@re1!" $vcfAdminGroup = "gg-vcf-admins" $vcfOperatorGroup = "gg-vcf-operators" $vcfViewerGroup = "gg-vcf-viewers"
Perform the configuration by running the command in the PowerShell console.
Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -principal $vcfAdminGroup -role ADMIN -type group Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -principal $vcfOperatorGroup -role OPERATOR -type group Add-SddcManagerRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -principal $vcfViewerGroup -role VIEWER -type group