Where You Find the Access Control Options
You can manage user accounts and their associated user groups, roles, scopes and passwords.
From the left menu, click Administration, and then click the Access Control tile.
| Option | Description |
|---|---|
| User Accounts |
Add, edit, remove, or import vRealize Operations user accounts from an LDAP database, and manage user roles, their membership in groups, and the scopes assigned for association with the user. Import user accounts from an LDAP database that resides on another machine. vCenter Server users who are logged in to vRealize Operations, either logged in directly or through the vSphere Client, appear in the list of user accounts. |
| User Groups |
Add, edit, or remove, or import vRealize Operations user groups, update the members in a group and the associated scopes that they can access. Import user groups from an LDAP database or a single sign-on database that resides on another machine. vRealize Operations continuously synchronizes the user membership of imported LDAP user groups when the autosync option is enabled in the LDAP configuration. |
| Roles |
For users to perform actions in vRealize Operations, they must be assigned specific roles. With role-based access, when you assign a role to a user, you are determining not only what actions the user can perform in the system, but also the objects upon which those actions can be performed while holding the role. For example, to import or export a policy, the role assigned to your user account must have the Import or Export permissions enabled for policy management. |
| Scopes | Add, edit, clone, or remove scope associated with users or groups in vRealize Operations. Scope lets you limit the access of a user or a set of users to vRealize Operations. You can also define the scope for all the objects managed by vRealize Operations. |
