To ensure that users log in to VMware Aria Operations for Logs using role-based access control, configure identity source user groups and assign roles in VMware Aria Operations for Logs.
You create and assign access to Active Directory groups for the following roles in VMware Aria Operations for Logs:
Super Admin
User
View Only Admin
UI Procedure
- Log in to VMware Aria Operations for Logs at https://<aria_operations_for_logs_fqdn> as admin.
In the navigation pane, click .
On the Access control page, click the Users and groups tab.
In the Directory groups section, click New group.
Configure the group for the Super Admin role according to your VMware Cloud Foundation Planning and Preparation Workbook and click Save.
Repeat this procedure for the remaining VMware Aria Operations for Logs roles.
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $domainFqdn = "sfo.rainpole.io" $logsAdminGroup = "gg-vrli-admins" $logsUserGroup = "gg-vrli-users" $logsViewerGroup = "gg-vrli-viewers"
Perform the configuration by running the command in the PowerShell console.
Add-vRLIAuthenticationGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -group $logsAdminGroup -role 'Super Admin' -authProvider ad Add-vRLIAuthenticationGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -group $logsUserGroup -role 'User' -authProvider ad Add-vRLIAuthenticationGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainFqdn -group $logsViewerGroup -role 'View Only Admin' -authProvider ad
