As a vRealize Automation organization owner, you are responsible for managing the access and the budget for your infrastructure resources. You have a team of cloud template developers who iteratively create and deploy templates for different projects until they are ready to deliver to their consumers. You then deliver the deployable resources to the consumers in a catalog.
This use case assumes that you understand that use case 1 is an administrator-only use case. You now want to expand your system to support more teams and larger goals.
- Let developers create and deploy their own application cloud templates during development. You add yourself as administrator, then add additional users with both the service user and the service viewer role. Next, you add the users a as project members. The project members can develop and deploy their own cloud templates.
- Publish cloud templates to a catalog where you make them available for non-developers to deploy. Now you are assigning user roles for Service Broker. Service Broker provides a catalog for the cloud template consumers. You can also use it to create policies, including leases and entitlements, but that functionality is not part of this user role use case.
Procedure
- Assign organization member roles to your cloud template developer users.
- Assign the Cloud Assembly service member role to your cloud template developers.
- Click Add Service Access.
- Configure the user with the following value.
Service |
Role |
Cloud Assembly |
Cloud Assembly User |
Cloud Assembly |
Cloud Assembly Viewer |
In this use case, your developers need to see the infrastructure to ensure that they are building deployable cloud templates. As users that you will assign as project administrators and project members in the next step, they cannot see the infrastructure. As service viewers they can see how the infrastructure is configured, but cannot make any changes. As the cloud administrator, you remain in control, but give them access to the information they need to develop cloud templates.
- Create projects in Cloud Assembly that you use to group resources users.
In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
- In the console, click the Services tab, and then click Cloud Assembly.
- Select .
- Enter PersonnelAppDev as the name.
- Click Users, and then click Add Users.
- Add project members and assign a project administrator.
Project Role |
Description |
Project User |
A project member is the primary developer user role in a project. Projects determine what cloud resources are available when you are ready to test your development work by deploying a cloud template. |
Project Administrator |
A project administrator supports their developers by adding and removing users for your projects. You can also delete your projects. To create a project, you must have service administrator privileges. |
- For the users that you are adding as project members, enter the email address of each user, separated by a comma, and select User in the Assign role drop-down menu.
- For the designated administrators, select Administrator in the Assign role drop-down menu and provide the necessary email address.
- Click the Provisioning tab and add one or more cloud zones.
When the cloud template developers who are part of this project deploy a template, it is deployed to the resources available in the cloud zones. You must ensure that the cloud zone resources match the needs of the project development team templates.
- Repeat the process to add the PayrollAppDev project with the necessary users and an administrator.
- Provide the service user with the necessary login information and verify that the members of each project can do the following tasks.
- Open Cloud Assembly.
- See the infrastructure across all projects.
- Create a cloud template for the project that they are a member of.
- Deploy the cloud template to the cloud zone resources defined in the project.
- Manage their deployments.
- Assign organization member roles to your cloud template developer users.
- Assign roles to a catalog administrator, catalog consumers, and cloud template developers based on their job.
- Click Add Service Access.
- Configure the catalog administrator with the following value.
This role might be you, the cloud administrator, or it might be someone else on your application development team.
Service |
Role |
Service Broker |
Service Broker Administrator |
- Configure the cloud template consumers with the following value.
Service |
Role |
Service Broker |
Service Broker User |
- Configure the cloud template developers with the following value.
Service |
Role |
Cloud AssemblyCloud Assembly |
Cloud Assembly User |
- Create projects in Cloud Assembly that you use to group resources and users.
In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
- Create and release cloud templates for each project team.
- Import a Cloud Assembly cloud template into Service Broker.
You must log in as a user with the
Service Broker Administrator role.
- Log in as a user with the Service Broker Administrator role.
- In the console, click Service Broker.
- Select , and click New.
- Select Cloud Assembly Cloud Template.
- Enter PersonnelAppImport as the name.
- In the Source project drop-down menu, select PersonnelAppDev and click Validate.
- When the source is validated, click Create and Import.
- Repeat for PayrollAppDev using PayrollAppImport as the content source name.
- Share an imported cloud template with a project.
Although the cloud template is already associated with a project, you create a sharing policy in
Service Broker to make it available in the catalog.
- Continue as a user with the Service Broker administrator role.
- In Service Broker, select .
- Click New Policy, and then click Content Sharing Policy.
- Enter a Name.
- On the Scope list, select the PersonnelAppDev project.
- In the Content sharing section, click Add Items.
- In the Share Items dialog box, select the
PersonnelApp
cloud template and click Save.
- In the Users section, select the project users and groups that you want to see the item in the catalog.
- Click Create.
- Verify that the cloud template is available in the Service Broker catalog to the project members.
- Request that a project member log in and click the Catalog tab.
- Click Request on the PersonnelApp cloud template card.
- Complete the form and click Submit.
- Verify that the project member can monitor the deployment process.
- Request that the project member select and locate their provisioning request.
- When the cloud template is deployed, verify that the requesting user access the application.
- Repeat the process for the additional projects.
Results
In this use case, recognizing that need to delegate the cloud template development to the developers, you add more organization members. You made them Cloud Assembly users. You then made them members of relevant projects so that they can create and deploy cloud templates. As project members, they cannot see or alter the infrastructure that you continue to manage, but you gave them full service viewer permissions sot that they could understand the constraints of infrastructure that they are designing for.
In this use case, you configure users with various roles, including the Service Broker administrator and users. You then provide the non-developer users with the Service Broker catalog.