You can assign permissions at the object level and associate them with a specific role.

As a System Administrator, you can restrict a user's access to specific objects. For example, you can assign permissions to VNF Administrators to access only specific VNFs. The Advance Filter option allows you to provide object-level permissions to roles.

What are Accessible Objects

Accessible objects are the objects of VMware Telco Cloud Automation that you can access. Virtual Infrastructure Managers (VIM), Network Function catalogs, Network Function instances, Network Service catalogs, Network Service instances, Kubernetes cluster templates, and Kubernetes cluster instances are all accessible objects.

What is the Parent-Child Relationship of an Object

When you define a permission for an object, that permission is implicitly assigned to all instances created within that object. For example, when you define permissions for a user to access a certain catalog, the user implicitly has the permissions to access all instances created in that catalog.

The two major object groups that have an implicit parent-child relationship are:
  • Network Function catalogs and Network Function instances.
  • Network Service catalogs and Network Service instances.

About Advance Filters

  • If a user or a user group has multiple permissions, the list of objects that they can access is a union of all the objects that can be viewed through each permission.
  • Filters that are applied to objects at the parent level are also applied to child objects. For example, you create permissions for your VNF Administrator with filters to view the VNF Catalogs of a vendor. When the VNF Administrator logs in, they can view the VNF Catalogs and the VNFs that belong to the vendor. Here, the parent object is the VNF Catalog and the child object is the VNF.

You can enable Advance Filter and assign object-level permissions when you create or edit permissions. For steps to create permissions, see Create Permission.
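When reviewing permissions for least privilege, it helps to compute what a user can actually see once the union rule and parent-to-child inheritance are both applied. The following is an added example, not VMware Telco Cloud Automation code or its API: the inventory, the object names, the key/value filter model, and the functions `filter_selects`, `effective_access`, and `unexpected_access` are all assumptions made for illustration.

```python
# Constructed inventory (hypothetical names). "parent" links an instance to its catalog.
INVENTORY = [
    {"name": "cat-fw",    "kind": "nf_catalog",  "vendor": "acme",   "parent": None},
    {"name": "cat-dns",   "kind": "nf_catalog",  "vendor": "globex", "parent": None},
    {"name": "vnf-fw-1",  "kind": "nf_instance", "parent": "cat-fw"},
    {"name": "vnf-fw-2",  "kind": "nf_instance", "parent": "cat-fw"},
    {"name": "vnf-dns-1", "kind": "nf_instance", "parent": "cat-dns"},
]
BY_NAME = {o["name"]: o for o in INVENTORY}


def filter_selects(obj, flt):
    """True if the filter matches the object itself or any of its ancestors."""
    while obj is not None:
        if all(obj.get(key) == value for key, value in flt.items()):
            return True
        obj = BY_NAME.get(obj["parent"])  # walk up: parent filters apply to children
    return False


def effective_access(permissions):
    """Union of the objects selected by each permission's filter."""
    visible = set()
    for perm in permissions:
        visible |= {o["name"] for o in INVENTORY if filter_selects(o, perm["filter"])}
    return visible


def unexpected_access(permissions, intended):
    """Objects reachable through the union that the reviewer did not intend."""
    return effective_access(permissions) - set(intended)


# Constructed permissions for one VNF Administrator (assumed filter model).
ACME_CATALOGS = {"role": "VNF Administrator",
                 "filter": {"kind": "nf_catalog", "vendor": "acme"}}
ONE_DNS_VNF = {"role": "VNF Administrator",
               "filter": {"kind": "nf_instance", "name": "vnf-dns-1"}}

if __name__ == "__main__":
    print(sorted(effective_access([ACME_CATALOGS])))
    print(sorted(effective_access([ACME_CATALOGS, ONE_DNS_VNF])))
    print(sorted(unexpected_access([ACME_CATALOGS, ONE_DNS_VNF],
                                   intended={"cat-fw", "vnf-fw-1", "vnf-fw-2"})))
```

The second permission widens the user's view beyond the vendor-scoped catalog, which is the effect to look for when a user or group holds more than one permission.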