This article shows how to create a layered user environment in Red Hat Cloud Infrastructure. The user environment consists of the three key objects in Red Hat CloudForms Management Engine: Roles, Groups, and Users. The procedures in this article show how to create each object and how all three objects relate to each other.
User accounts are created in CloudForms Management Engine to give people access to specific features and resources. Each user is assigned to a group that uses a set of role-based access controls to limit accessible features and resources. This provides a method to group common users together and provide access to features relevant to their grouping.
This article demonstrates how to set up a user environment using three key organizational units: Roles, Groups, and Users.
Roles provide access to certain features in CloudForms Management Engine. For example, you might want to restrict access to Services and Cloud Providers for a set of self-service users. Or, you might want to provide Cloud Intelligence features to users who only need access to reports.
Groups limit access to certain resources such as specific Clusters, Hosts, and Virtual Machines. You also assign a Role to each Group so that access to such resources is limited to a certain feature set.
Users are single organizational units representing people with access to CloudForms. Each User is assigned to a Group and inherits the permissions to access the Group's defined resources and the Role's defined feature set.
Creating the User Environment
The following procedures show how to set up a Role, a Group, and a User for access to a specific Cloud Provider. For this example, you need a Cloud Provider added to CloudForms Management Engine.
Creating a Role
The first step is to create a role that grants permissions to only the Clouds feature set.
- Log in to CloudForms Management Engine.
- Navigate to Configure, then Configuration.
- Click on the Access Control accordion, then click Roles.
- Click Configuration, then Add a new Role.
- In the Role Information area, enter the following name for the new role: CloudForms-my_role.
- For VM & Template Access Restriction, select None.
- Under Product Features (Editing), click the checkbox for Clouds only.
- Click Add.
You have created a role with access to the Clouds feature set.
Creating a Group
The next step is to create a group that uses CloudForms-my_role and has access to your Cloud Provider only.
- In the Access Control accordion, click Groups.
- Click Configuration, then Add a new Group.
- Enter the following name for the group in the Description field: CloudForms-my_group.
- Select the CloudForms-my_role role to map to this group.
- For this example, skip the Assign Filters area. In future, you can use this to limit certain tags to this group.
- Click the Host & Clusters tab and check the box for your Cloud Provider. Once checked, the Cloud Provider changes to a bold, blue font.
- For this example, skip the VMs & Templates tab. In future, you can use this to limit certain virtual machines and templates to this group.
- Click Add.
You have created a group with access to your Cloud Provider. This group also uses the role we created earlier to limit access to the Clouds feature set.
Creating a User
The final step is to create a user account and assign it to CloudForms-my_group.
- In the Access Control accordion, click Users.
- Click Configuration, then Add a new User to create a user.
- Type in the details for the user. For example:
  - Name: My User
  - UserID: my_user
  - Password: mypassword
  - Confirm Password: mypassword
  - Email Address: email@example.com
- For Group, select the CloudForms-my_group you created earlier.
- Click Add.
You have created a user with access to your Cloud Provider through CloudForms-my_group. This user can only access it through the Clouds feature set, as per the CloudForms-my_role definition.
This example provides a foundation for your Red Hat Cloud Infrastructure user environment. You can build upon this foundation and create rich, complex sets of Roles, Groups, and Users that provide access to different parts of CloudForms Management Engine. This provides groups of users in your organization with access to features most relevant to their needs.
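The Role, Group, and User layering built above can be checked with a small model. This is an added example, not CloudForms code: the classes, the provider names, the second "wide" role and group, and the `INTENDED` baseline are constructed for illustration, and the model ignores the tag filters and VM & Template restrictions that the procedure skips.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    features: frozenset   # product features the role enables

@dataclass(frozen=True)
class Group:
    name: str
    role: Role            # each group maps to exactly one role
    resources: frozenset  # providers, clusters or hosts the group may reach

@dataclass(frozen=True)
class User:
    userid: str
    group: Group

def can_access(user, feature, resource):
    """Access needs both layers: the Role's feature and the Group's resource."""
    return feature in user.group.role.features and resource in user.group.resources

def effective_access(user):
    """Every (feature, resource) pair the user inherits through the group."""
    return {(f, r) for f in user.group.role.features for r in user.group.resources}

def audit(users, allowed):
    """Return {userid: excess pairs} for users whose access exceeds the baseline."""
    findings = {}
    for u in users:
        excess = effective_access(u) - allowed.get(u.userid, set())
        if excess:
            findings[u.userid] = excess
    return findings

# Constructed data mirroring the objects created in this article.
my_role = Role("CloudForms-my_role", frozenset({"Clouds"}))
my_group = Group("CloudForms-my_group", my_role, frozenset({"my-cloud-provider"}))
my_user = User("my_user", my_group)
# Constructed drift case: a hypothetical broader role and group.
wide_role = Role("wide_role", frozenset({"Clouds", "Services"}))
wide_group = Group("wide_group", wide_role, frozenset({"my-cloud-provider", "other-provider"}))
drifted_user = User("drifted_user", wide_group)
# Intended least-privilege baseline for both accounts (an assumption).
INTENDED = {u: {("Clouds", "my-cloud-provider")} for u in ("my_user", "drifted_user")}

if __name__ == "__main__":
    print(audit([my_user, drifted_user], INTENDED))
```

Running the audit on a periodic export of roles, groups, and users shows where a group or role change has widened access beyond what was intended.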