To ensure that enterprise users log in with required role-based access controls, you configure the enterprise identity source user groups that are synchronized in the clustered Workspace ONE Access deployment for vRealize Operations Manager.
You assign the Administrator, ContentAdmin, and ReadOnly roles to the corresponding Active Directory user groups according to your values in the VMware Cloud Foundation Planning and Preparation Workbook.
UI Procedure
- Log in to the vRealize Operations Manager operations interface at https://<vrealize_operations_manager_fqdn> with a user assigned the Administrator role.
- In the left pane, click Administration.
- On the Administration page, click Access control.
- Click the User groups tab and, from the ellipsis drop-down menu, select Import from source.
- In the Import user groups dialog box, from the Import from drop-down menu, select the vIDMAuthSource - VMware Identity Manager instance as an authentication source.
- In the Domain name text box, enter the domain name.
- In the Search prefix text box, enter the name of the Active Directory group for the Administrator role according to your values in the VMware Cloud Foundation Planning and Preparation Workbook and click Search.
- Select the group and click Next.
- On the Roles and objects page, configure these settings and click Finish.

| Setting | Value |
|---|---|
| Select role | Administrator |
| Assign this role to the group | Selected |
| Allow access to all objects in the system | Selected |

- To allow access to all objects in the system, in the confirmation dialog box, click Yes.
- Repeat this procedure for the ContentAdmin and the ReadOnly roles.
PowerShell Procedure
- Start Windows PowerShell.
- Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

```powershell
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re1!"
$domain = "sfo.rainpole.io"
$vropsAdminGroup = "gg-vrops-admins"
$vropsContentAdminGroup = "gg-vrops-content-admins"
$vropsReadOnlyGroup = "gg-vrops-read-only"
```

- Perform the configuration by running the command in the PowerShell console.

```powershell
Import-vROPSUserGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domain -groupName $vropsAdminGroup -role Administrator
Import-vROPSUserGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domain -groupName $vropsContentAdminGroup -role ContentAdmin
Import-vROPSUserGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domain -groupName $vropsReadOnlyGroup -role ReadOnly
```
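
A variation on the PowerShell procedure above that prompts for the SDDC Manager password instead of storing it in a variable assignment, and keeps the group-to-role mapping in one place. This is an added example, not part of the original procedure; it assumes the same `Import-vROPSUserGroup` cmdlet and parameters shown above, and the names `$cred` and `$roleMap` are hypothetical.

```powershell
# Added example: host, domain, account and group names are the sample values from this page.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$domain          = "sfo.rainpole.io"

# Prompt for the SDDC Manager account so the password is not written
# into the script or left in the console history.
$cred = Get-Credential -UserName "administrator@vsphere.local" -Message "SDDC Manager credentials"

# Active Directory group -> vRealize Operations Manager role.
# Ordered so the groups are imported in a predictable sequence.
$roleMap = [ordered]@{
    "gg-vrops-admins"         = "Administrator"
    "gg-vrops-content-admins" = "ContentAdmin"
    "gg-vrops-read-only"      = "ReadOnly"
}

foreach ($group in $roleMap.Keys) {
    # -pass takes a plain string, so the password is unwrapped only at call time.
    Import-vROPSUserGroup -server $sddcManagerFqdn -user $cred.UserName `
        -pass $cred.GetNetworkCredential().Password `
        -domain $domain -groupName $group -role $roleMap[$group]
}
```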