2013-09-25 02:46 AM
I'm new user of VSC. I like this tool as it provides NetApp storage management integrated with vCenter.
I'm facing a problem regarding security.
I've been searching several hours to delegate backup/restore operations without granting administrative permissions on vSphere hosts.
VSC 4.2 provides built-in roles "VSC Backup" and "VSC Restore"
Assigning these roles to backup operators on the vCenter root grants Backup & Restore operations on the overall vCenter perimeter.
Backup / Restore operations are working fine
However, the "VSC Restore" role allows backup operators to modify hosts configuration ... we do not want to grant them such permissions.
Then I tried to remove all host/configuration permissions in the "VSC Restore" role ==> restore task starts and suspends working at 57% without any error.
This means that, as logically expected, the permissions on host are mandatory.
Therefore, I need help and/or advise from expert that knows VSC better than me.
How to delegate in VSC the backup/restore operations to backup operators with their access to vCenter infrastructure limited only to backup / restore operation ?
Is it possible ? or do I have to give up ?
Many thanks for your help
2013-09-25 04:55 AM
Many thanks for your reply.
I used to use the document/tool mentioned.
The problem is not on DOT side (RBAC User Creator)
The problem is coming from permissions granted by the "VSC Restore" role on ESX Hosts in vCenter.
"VSC Restore" role grants permissions in Host/Configuration that make a backup operator able to perform changes on ESX hosts configuration.
Such kind of change is under responsability of vSphere system administrator, not backup operator.