To grant user and service accounts the access that is required to perform their task, create Active Directory groups according to certain rules.
Create Active Directory groups according to the following rules:
-
Add user and service accounts to universal groups in the parent domain.
-
Add the global groups in each child domain to the universal groups.
-
Where applicable, assign access rights and permissions to the global groups located in the child domains, and to the universal groups located in the parent domain,
rainpole.local, to specific products according to their role.
Universal Groups in the Parent Domain
In the parent domain, rainpole.local, create the following universal groups:
| Group Name |
Group Scope |
Description |
|---|---|---|
| ug-wsa-admins |
Universal |
Group for Workspace ONE Access administrators |
| ug-wsa-directory-admins |
Universal |
Group for Workspace ONE Access directory administrators |
| ug-wsa-read-only |
Universal |
Group for Workspace ONE Access read-only user |
| ug-vrslcm-admins |
Universal |
Group for vRealize Suite Lifecycle Manager administrators |
| ug-vrslcm-content-admins |
Universal |
Group for vRealize Suite Lifecycle Manager content administrators |
| ug-vrslcm-content-developers |
Universal |
Group for vRealize Suite Lifecycle Manager content developers |
| ug-vrops-admins |
Universal |
Group for vRealize Operations administrators |
| ug-vrops-content-admins |
Universal |
Group for vRealize Operations content administrators |
| ug-vrops-read-only |
Universal |
Group for vRealize Operations read-only users |
| ug-vrli-admins |
Universal |
Group for vRealize Log Insight super administrators |
| ug-vrli-users |
Universal |
Group for vRealize Log Insight dashboard users |
| ug-vrli-viewers |
Universal |
Group for vRealize Log Insight view-only users |
| ug-vra-org-owners |
Universal |
Group for vRealize Automation organization owners |
| ug-vra-cloud-assembly-admins |
Universal |
Group for vRealize Automation organization member and Cloud Assembly administrators |
| ug-vra-cloud-assembly-users |
Universal |
Group for vRealize Automation organization member and Cloud Assembly users |
| ug-vra-service-broker-admins |
Universal |
Group for vRealize Automation organization member and Service Broker administrators |
| ug-vra-service-broker-users |
Universal |
Group for vRealize Automation organization member and Service Broker users |
| ug-vra-orchestrator-admins |
Universal |
Group for vRealize Automation organization member and vRealize Orchestrator administrators |
| ug-vra-orchestrator-designers |
Universal |
Group for vRealize Automation organization member and vRealize Orchestrator workflow designers |
| ug-vra-project-admins- sample |
Universal |
Group for vRealize Automation organization member and project administrators for the sample project |
| ug-vra-project-admins-x |
Universal |
Group for vRealize Automation organization member and project administrators for a specific project |
| ug-vra-project-users- sample |
Universal |
Group for vRealize Automation organization member and project member for the sample project |
| ug-vra-project-users-x |
Universal |
Group for vRealize Automation organization member and project member for a specific project |
Global Groups in the Child Domains
In each child domain, add the relevant role-specific global group in the child domain to the role-specific universal group in the parent domain.
| Group Name |
Group Scope |
Description |
Member of Groups |
|---|---|---|---|
| gg-vrslcm-admins |
Global |
Global group in a child domain for vRealize Suite Lifecycle Manager administrators |
RAINPOLE\ug-vrslcm-admins |
| gg-vrslcm-content-admins |
Global |
Global group in a child domain for vRealize Suite Lifecycle Manager content administrators |
RAINPOLE\ug-vrslcm-content-admins |
| gg-vrslcm-content-developers |
Global |
Global group in a child domain for vRealize Suite Lifecycle Manager content developers |
RAINPOLE\ug-vrslcm-content-developers |
| gg-vrops-admins |
Global |
Global group in a child domain for vRealize Operations Manager administrators |
RAINPOLE\ug-vrops-admins |
| gg-vrops-content-admins |
Global |
Global group in a child domain for vRealize Operations Manager content administrators |
RAINPOLE\ug-vrops-content-admins |
| gg-vrops-read-only |
Global |
Global group in a child domain for vRealize Operations Manager read-only users |
RAINPOLE\ug-vrops-read-only |
| gg-vrli-admins |
Global |
Global group in a child domain for vRealize Log Insight super administrators |
RAINPOLE\ug-vrli-admins |
| gg-vrli-users |
Global |
Global group in a child domain for vRealize Log Insight dashboard users |
RAINPOLE\ug-vrli-users |
| gg-vrli-viewers |
Global |
Global group in a child domain for vRealize Log Insight view-only users |
RAINPOLE\ug-vrli-viewers |
| gg-vra-org-owners |
Global |
Global group in a child domain for vRealize Automation organization owners |
RAINPOLE\ug-vra-org-owners |
| gg-vra-cloud-assembly-admins |
Global |
Global group in a child domain for vRealize Automation organization member and Cloud Assembly administrators |
RAINPOLE\ug-vra-cloud-assembly-admins |
| gg-vra-cloud-assembly-users |
Global |
Global group in a child domain for vRealize Automation organization member and Cloud Assembly users |
RAINPOLE\ug-vra-cloud-assembly-users |
| gg-vra-service-broker-admins |
Global |
Global group in a child domain for vRealize Automation organization member and Service Broker administrators |
RAINPOLE\ug-vra-service-broker-admins |
| gg-vra-service-broker-users |
Global |
Global group in a child domain for vRealize Automation organization member and Service Broker users |
RAINPOLE\ug-vra-service-broker-users |
| gg-vra-orchestrator-admins |
Global |
Global group in a child domain for vRealize Automation organization member and Orchestrator administrators |
RAINPOLE\ug-vra-orchestrator-admins |
| gg-vra-orchestrator-designers |
Global |
Global group in a child domain for vRealize Automation organization member and Orchestrator workflow designers |
RAINPOLE\ug-vra-orchestrator-designers |
| gg-vra-project-admins-sample |
Global |
Global group in a child domain for vRealize Automation organization member and Project Administrators for the sample project |
RAINPOLE\ug-vra-project-admins-sample |
| gg-vra-project-admins-x |
Global |
Global group in a child domain for vRealize Automation organization member and project administrators for the specific project |
RAINPOLE\ug-vra-project-admins-x |
| gg-vra-project-users-sample |
Global |
Global group in a child domain for vRealize Automation organization member and project member for the sample project |
RAINPOLE\ug-vra-project-users-sample |
| gg-vra-project-users-x |
Global |
Global group in a child domain for vRealize Automation organization member and project member for the specific project |
RAINPOLE\ug-vra-project-users-x |
