To ensure that enterprise users log in to vRealize Log Insight by using role-based access control, configure enterprise identity source user groups and assign roles in vRealize Log Insight.

You create and assign access to Active Directory groups for the following roles in vRealize Log Insight:

  • Super Admin

  • User

  • View Only Admin

UI Procedure

  1. Log in to vRealize Log Insight at https://<vrealize_log_insight_fqdn> as admin.
  2. On the main navigation bar, click Administration.
  3. In the navigation pane, click Management > Access control.

  4. On the Access control page, click the Users and groups tab.

  5. In the Directory groups section, click New group.

    The New group dialog box opens.

  6. Configure the group according for the Super Admin role according to your VMware Cloud Foundation Planning and Preparation Workbook and click Save.

  7. Repeat this procedure for the remaining vRealize Log Insight roles.

PowerShell Procedure

  1. Start Windows PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = ""
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    $domain = ""
    $vrliAdminGroup = "gg-vrli-admins"
    $vrliUserGroup = "gg-vrli-users"
    $vrliViewerGroup = "gg-vrli-viewers"
  3. Perform the configuration by running the command in the PowerShell console.

    Add-vRLIAuthenticationGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domain -group $vrliAdminGroup -role 'Super Admin'
    Add-vRLIAuthenticationGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domain -group $vrliUserGroup -role 'User'
    Add-vRLIAuthenticationGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domain -group $vrliViewerGroup -role 'View Only Admin'