Adding a user or group and assigning role and assets

To configure role-based access control for SnapCenter users, you can add users or groups and assign role. The role determines the options that SnapCenter users can access.

Before you begin

You must have logged in as the SnapCenterAdmin role.
You must have created the user or group accounts in Active Directory in the operating system or database. You cannot use SnapCenter to create these accounts.
Note: The group names should not include /\[ ] :;|=,+*?< >' characters.

About this task

SnapCenter includes several predefined roles.
You can either assign these roles to the user or create new roles.
AD Users and AD Groups that are added to SnapCenter RBAC must have the READ permission on the Users Container and the Computers Container in the Active Directory.
After you assign a role to a user or group that contains the appropriate permissions, you must assign the user access to SnapCenter assets, such as hosts and storage connections.
This enables users to perform the actions for which they have permissions on the assets that are assigned to them.
You should assign a role to the user or group at some point to take advantage of RBAC permissions and efficiencies.
You can assign assets like host, resource groups, policy, storage connection, plug-in, and credential to the user while creating the user or group.

The minimum assets that you should assign an user to perform certain operations are as follows:

Operation	Assets assignment
Protect resources	host, policy
Backup	host, resource group, policy
Restore	host, resource group
Clone	host, resource group, policy
Clone lifecycle	host
Create a Resource Group	host

When a new node is added to a Windows cluster or a DAG (Exchange Server Database Availability Group) asset and if this new node is assigned to a user, you must reassign the asset to the user or group to include the new node to the user or group.
You should reassign the RBAC user or group to the cluster or DAG to include the new node to the RBAC user or group. For example, you have a two-node cluster and you have assigned an RBAC user or group to the cluster. When you add another node to the cluster, you should reassign the RBAC user or group to the cluster to include the new node for the RBAC user or group.
If you are planning to replicate Snapshot copies, you must assign the storage connection for both the source and destination volume to the user performing the operation.
You should add assets before assigning access to the users.

Attention: If you are using the SnapCenter Plug-in for VMware vSphere functions, to protect VMs, VMDKs, or datastores, you use the VMware vSphere GUI to add a vCenter user to a SnapCenter Plug-in for VMware vSphere role. The vCenter documentation contains information about adding a user to a role in vCenter

The SnapCenter concepts documentation contains more information about SnapCenter role-based access control (RBAC).

Concepts

Procedure

In the left navigation pane, click Settings.
In the Settings page, click Users and Access > .

In the Add Users/Groups from Active Directory or Workgroup page:

For this field…	Do this…
Access Type	Select either Domain or workgroup For Domain authentication type, you should specify the domain name of the user or group to which you want to add the user to a role. By default, it is pre-populated with the logged in domain name. Note: You must register the untrusted domain in the Settings > Global Settings > Domain Settings page.
Type	Select either User or Group Note: SnapCenter supports only security group and not the distribution group.
User Name	Type the partial user name, and then click Add. Note: The user name is case-sensitive. Select the user name from the search list. Note: When you add users from a different domain or an untrusted domain, you should type the user name fully because there is no search list for cross domain users. Repeat this step to add additional users or groups to the selected role.
Roles	Select the role to which you want to add the user.

Click Assign, and then in the Assign Assets page:
1. Select the type of asset from the Asset drop-down list.
2. In the Asset table, select the asset.
  The assets are listed only if the user has added the assets to SnapCenter.
3. Repeat this procedure for all of the required assets.
4. Click Save.
Click Submit.

After you finish

After adding users or groups and assigning roles, refresh the resources list.