VMware vRealize Automation 8.1 – Part7 User Permissions, Roles & Branding

vRealize Automation uses VMware Workspace ONE Access, the VMware supplied identity management application to import and manage users and groups. After users and groups are imported or created, you can manage the role assignments for single tenant deployments using the Identity & Access Management page. This blog will focus on user permissions and the role that has to be assigned for a user to request an item from the catalog.

VMware vRealize Automation 8.1 – Part1: Cloud Assembly & Service Broker
VMware vRealize Automation 8.1 – Part2: Cloud Accounts, Projects & Cloud Zones
VMware vRealize Automation 8.1 – Part3: Flavor Mapping & Image Mapping
VMware vRealize Automation 8.1 – Part4: Network Profiles
VMware vRealize Automation 8.1 – Part5: Blueprints
VMware vRealize Automation 8.1 – Part6: Content & Catalog
VMware vRealize Automation 8.1 – Part7: User Permissions, Roles & Branding

We have already integrated our Active Directory in vIDM. And a user name ‘Broker’ was created. Refer to my earlier blog here.

https://virtualrove.com/2020/07/11/vmware-vrlcm-8-1-part3-identity-manager-ad-integration/

We will use ‘Broker’ user account to give permissions. So that ‘Broker’ can request catalog items from vRA.

Log into vRA> Identity & Access Management> Check the box for ‘Broker’ user under Active Users.

You will see all users here from our active directory, since we have integrated vIDM into vRA.

Edit Roles
Assign Org Role: Org Member
Assign Service Role: Service Broker
With Role: Service Broker User

Save.

This configuration will give ‘Broker’ user to access only ‘Service Broker’ page and request item from the catalog.

Logout and Log into vRA using Broker user.

Notice that the only service available is ‘Service Broker’

Click on it and request for a catalog item.

Notice that the ‘Requestor’ name is ‘Broker’.

‘Broker’ user will have access to request for an item

That was simple example of assigning user permissions, likewise you can define who can do what and what services should be available for a particular user.

Please check detailed documentation on user roles in vRA here on VMware Official Site.

https://docs.vmware.com/en/vRealize-Automation/8.1/Administering/GUID-F94CB09A-DD93-4571-9D39-7FC1E6FA68CF.html

We now move to ‘Branding’ part to give nice look to your vRA portal.

vRA allows you to do custom branding for each tenant. You can define logo and colors of your web page. By default, I see following default branding before I apply my own.

After custom branding, I see it like this.

I added a company logo, text color, background color & product name.

Log into vRA with IDM user. Click on ‘Branding’ tab and define parameters.

Apply.

It was that simple to do the branding of vRA portal. 😊

With that we have come to an end of this series. It’s always fun working on vRA. I have seen it since version 6.X. The end results are always satisfactory, and it simplifies your daily tasks. See you in next post.

Leave your email address in below box below to receive notification on my new blogs.

VMware vRealize Automation 8.1 – Part6: Content & Catalog

I hope, by now you have clear understanding of Blueprints in vRA. Likewise, you can create a blueprints for any OS which supports virtualization. Let’s continue to next blog.

VMware vRealize Automation 8.1 – Part1: Cloud Assembly & Service Broker
VMware vRealize Automation 8.1 – Part2: Cloud Accounts, Projects & Cloud Zones
VMware vRealize Automation 8.1 – Part3: Flavor Mapping & Image Mapping
VMware vRealize Automation 8.1 – Part4: Network Profiles
VMware vRealize Automation 8.1 – Part5: Blueprints
VMware vRealize Automation 8.1 – Part6: Content & Catalog
VMware vRealize Automation 8.1 – Part7: User Permissions, Roles & Branding

This post will focus on post tasks that has to be performed to get the Blueprint into the catalog. You have to use ‘Service Broker’ section from ‘My Services’ for further configuration. It used to be ‘Entitlements’ section in earlier version of vRA.

Service Broker: It provides a single to point to request and manage catalog items.

Log into vRA & Click on ‘Service Broker’

Service Broker> Content & Policies> Content Sources> New

We want to import a Blueprint that we created in cloud assembly. Click on ‘Cloud Assembly’

Also note the various sources from where you can import blueprints from.

Provide a Name, Select Source Project and click on Validate. The Validation returns with ‘1 item found’

Create & Import.

Verify that the source has been added and you Number of items listed.

Move to ‘Content Sharing’. Search and select ‘Gov’ project.> ‘Add Items’

Check the box for ‘Windows Server 2019’ item and click on Save.

Your template should appear in ‘Content’ section.

Content section will show you all your imported blueprints and templates. And all items from this page will appear under ‘Catalog’

Click on ‘Catalog’ & you should see a catalog item to ready for users to request.

Any user who has been granted with appropriate access can now request for a Windows Server from this page.

Click on ‘Request’ and click on Submit.

Once the request has been submitted, it will deploy a windows server without user intervention. Its all because, we have configured backed infrastructure and a system admin no longer needs to perform any tasks manually. This is ‘Automation’ and similar configuration can be done for all supported server versions in vRA.

That was all for this post. Will check on user permissions in my next post.

Leave your email address in below box below to receive notification on my new blogs.