I want to set up multi-tenant environments where the users can have granular permissions and roles to access Hyper-V infrastructure. How do I use the Role Based Access Control capabilities (RBAC) in Acronis Manager Datacenter to set up multi-tenant environments?
In order to use role based access control capabilities (RBAC) to set up multi-tenant environments, you will need to set tenants, users and roles as part of the system configuration process. You have to be a system administrator to perform these functions; credential for the system administrator are set during the Management Service setup. Tenants, users and roles can be set in the Administration plugin under the system administration credential.
To create a tenant go to Administration>Tenants tab and press Create tenant button and start Tenant wizard.
Define the tenant name and description. Tenant is created and enabled by default. If you do not want the tenant user to access the system, please uncheck the Enabled checkbox.
Define the tenant administrators. They can be selected from the existing users list or a new tenant administrator can be created.
Associate objects with the tenant. An object can be associated with a single tenant only. However, the tenant administrators have full access to all of the objects belonging to a tenant.
Check the summary information for accuracy, then press the Finish button to create a tenant.
To create a user, go to Administration>Users tab, press Add User button and start the Add User wizard.
Define the user type and set the credentials. The user is created as Enabled by default. If you do not want that user to access the system, please uncheck the Enabled checkbox.
Define the user resources and roles. By default there are 3 roles in the system: Full Access, Read Only and Basic. However, you can also define your own roles. The tenant user can only have access to the objects that are associated with the tenant.
Check the summary information for accuracy, then press the Finish button to create a new user.
Roles combine granular permissions into the named groups for a user's convenience.
To create a role go to Administration>Roles tab, press Create role button and define the role name and the description.
After that, select role and press Edit button to define a set of permissions for the role.
There is a set of granular permissions for every object type.
- Virtual machine
- Virtual Network Switch