You can add user accounts so that users can access the features of vRealize Operations Manager and certain objects in the environment. Or, modify user accounts to change their attributes, disable or lock the accounts, or require them to change their password. After you add user accounts, you can assign them to one or more user groups, and assign roles and objects to the account to specify the actions the user can perform and upon what objects. Assign the Administrators role only to specific users who must access objects and perform actions in the entire environment.
Where You Add or Edit User Accounts
To add a user account, in the menu, click Administration, and then in the left pane click
In the User Accounts tab, click the Add icon.
Optionally, to edit a user account, select a user account and click the Edit icon.
Table 1. Add or Edit Users Accounts- User Details Page
User Details Options
User name, without spaces, that will log in to vRealize Operations Manager.
User's password to access the vRealize Operations Manager instance.
Confirmation of the user's password.
User's first name, created when you create the user account.
User's last name, created when you create the user account.
User's email address, created when you create the user account.
Description of the user account, defined when you create the user account. This information can identify the type of user and a summary of their access rights.
Disable this user
Disable the user account so that a user cannot access the vRealize Operations Manager instance.
Account is locked out
Indicates that vRealize Operations Manager has locked the user account.
Require password change at next login
Enable users to change their password the next time they log in to the vRealize Operations Manager instance.
After you enter the user details, click Next.
Table 2. Add or Edit User Accounts - Assign Groups and Permissions page
Assign Groups Roles, and Objects Options
Select or deselect the groups associated with the user account. To select or deselect all accounts, click the Group Name check box. You cannot add user accounts to groups that you imported from an LDAP database.
Roles determine which actions a user can perform in the system. Select a role from the Select Role drop-down menu, and then select the Assign this role to the user check box. You can associate more than one role with the user account.
Select which objects the user can access when assigned this role.
Select Object Hierarchies: Displays groups of objects. Select an object in this list to select all the objects in the hierarchy.
Select Object: To select specific objects within the object hierarchy, click the down arrow to expand the list of objects. For example, expand the Adapter Instance hierarchy, and select one or more adapters.
Allow access to all objects in the system: Select this check box to permit the user account access to all objects in the system.
The roles and object permissions are interlinked when you assign more than one role to a user. For example, if the user has both, ReadOnly and PowerUser roles, the permissions associated with the PowerUser role will apply, because the PowerUser role includes the permissions associated with the ReadOnly role along with other permissions.
If the user has a custom role and the PowerUser role and the permissions of the custom role are not included in the permissions of the PowerUser role, the permissions of both the roles are merged and applied to the user.
The same rule (object permissions from different roles are merged) applies to the object hierarchies as well.