2.2.5. Cluster Permissions

Managing System Permissions for a Cluster
While the system administrator of the data center has the full range of permissions, a cluster administrator is a system administration role for a specific cluster only. This is a hierarchical model, and means that if a user is assigned the cluster administrator role for a cluster, all objects in the cluster can be managed by the user. The cluster administrator role permits the following actions:
  • Creation and removal of specific clusters.
  • Addition and removal of hosts, virtual machines, pools.
  • Permission to attach users to virtual machines within a single cluster.
This is useful in a data center where there are multiple clusters, each of which require their own system administrators. A cluster administrator has permissions for the assigned cluster only, not for all clusters in the data center.

To assign a system administrator role to a cluster:

  1. Click the Clusters tab.
    A list of clusters displays. If the required cluster is not visible, perform a search (see Section 1.2, “Search”).
  2. Select the cluster that you want to edit, and click the Permissions tab from the Details pane.
    The Permissions tab displays a list of users and their current roles and Inherited permissions, if any. This can include the Data Center Administrator.
  3. Click Add to add an existing user. The Add Permission to User dialog box displays. Enter a Name, or User Name, or part thereof in the Search textbox, and click Go. A list of possible matches display in the results list.
  4. Select the check box of the user to be assigned the permissions. Scroll through the Assign role to user list and select ClusterAdmin.
  5. Click OK.
    The name of the user displays in the Permissions tab, with an icon and the assigned Role.

Note

You can only assign roles and permissions to existing users. See Chapter 5, Users.
You can also change the system administrator of a cluster, by removing the existing system administrator, and adding the new system administrator, as described in the previous procedure.

To remove a system administrator role:

  1. Click the Clusters tab. A list of clusters displays. If the required cluster is not visible, perform a search (see Section 1.2, “Search”).
  2. Select the required cluster and click the Permissions tab from the Details pane.
    The Permissions tab displays a list of users and their current roles and permissions, if any.
  3. Select the check box of the appropriate user.
  4. Click Remove. The user is removed from the Permissions tab. As this is hierarchical, the user will also be removed from the hosts and other objects.