You can create or modify roles to allow users to perform certain tasks and access specific content.

Note: You can edit all predefined roles except the Super Admin role. You can clone the Super Admin role and then modify the cloned role.

Prerequisites

Verify that you are logged in to the vRealize Log Insight web user interface as a Super Admin user, or a user associated with a a role that has the Access control permission with Edit access level. The URL format of the web user interface is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

Procedure

  1. Expand the main menu and navigate to Management > Access Control.
  2. Click Roles.
  3. Click New Role or the pencil icon to edit an existing role.
  4. Modify the Name and Description text boxes.
  5. Select one or more permissions and their corresponding access levels from the Permissions list. Permissions have main categories and sub-categories within each main category.
    The following access levels are available:
    Full Access
    Provides view and edit access to all the sub-categories for a permission. For example, if you select the Full Access check box against the Management permission, the users associated with the role can view and edit clusters, hosts, agents, and the rest of the sub-categories under Management.
    No Access
    Does not provide view or edit access to the corresponding sub-category in a permission.
    View
    Provides view access to the corresponding sub-category in a permission.
    Edit
    Provides view and edit access to the corresponding sub-category in a permission.
    Note: Some permissions do not have all access levels due to absence of use cases. For example, you do not have the Edit access level for content pack dashboards. Similarly, you do not have the No Access access level for extracted fields in Explore Logs.
    The following permissions are available:
    Permission Description
    Management Can view or modify information corresponding to the selected sub-categories, under the Management section:
    • System monitor
    • Cluster
    • Access control
    • Hosts
    • Agents
    • Certificates
    • Licenses
    Configuration Can view or configure information corresponding to the selected sub-categories, under the Configuration section:
    • General Configuration
    • Authentication Configuration
    • Time Configuration
    • SMTP Configuration
    • SSL Configuration
    • Proxy Configuration
    Log Management Can view or manage information corresponding to the selected sub-categories, in the Log Management page:
    • Log Masking
    • Log Filtering
    • Log Forwarding
    • Index Partitions
    Integrations Can view or configure the integration of vRealize Log Insight with the products corresponding to the selected sub-categories, under the Integration section:
    • vSphere Integration
    • vROps (vRealize Operations)) Integration
    • NSX Integration
    • Cloud Integration
    Content Packs Can view or manage content packs in the Content Packs page.
    Alerts Can view, create, or modify alerts in the Alerts page or perform alert-related activities from the Explore Logs page.
    Explore Logs Can view or modify information corresponding to the selected sub-categories in the Explore Logs page:
    • Explore Logs
    • Extracted Fields
    • Export
    Dashboards Can view or modify information corresponding to the selected sub-categories in the Dashboards page:
    • User Dashboards
    • Shared Dashboards
    • Content Pack Dashboards
    • Shared Dashboard URLs
    • Scheduled Reports
  6. (Optional) From the Data Sets list, select a data set to associate with the user role.
  7. Click Save.

Results

The role appears in the Roles tab of the Access Control page, with information such as name, description, data sets, and so on.
  • To view the user accounts associated with any role, click Show Users against the role.
  • To view the permissions associated with any role, click Show Permissions against the role.

What to do next

You can associate a user account or group with the role. For more information, see: