VMware vFabric Data Director Administrator and User Guide
Data Director encrypts the password and stores it with the user information. When the user logs in, that user's
credentials are stored in an HTTP session. Data Director uses the credentials to validate that the user is
authorized to view organization objects (database groups and databases) and to perform tasks.
Role-Based Access Control
Role-based access control enables system and organization administrators to control user access to Data
Director and to control what users can do after they log in. To implement role-based access control, system
and organization administrators associate (or revoke) privileges, permissions, and roles with (or from) user
login accounts.
Users
User logins (users) are unique accounts that enable users to access Data
Director. They include a password and identifying information such as name,
email address, and phone number. Because user login accounts are unique,
system and organization administrators can control each user's access and
actions by granting or revoking privileges, permissions, and roles to or from
the user's login account.
Users can be active or inactive. Inactive users cannot log in.
Privileges
Privileges control all actions in Data Director. They define the allowable actions
within an organization. Privileges apply to particular types of Data Director
objects. For example, you can apply the Stop Database privilege to
organizations, database groups, and databases and apply the Create
Database privilege to organizations and database groups. Privileges by
themselves are not associated with specific objects within an organization.
Permissions
Permissions associate a user and privilege pair with an object in Data Director.
Examples are granting a user permission to start or stop a specific database, to
modify an organization's backup templates, or to create other users in an
organization.
You can grant permissions to users by assigning a role to a user, or by granting
permissions directly to the user.
Roles
Roles are collections of permissions that can be associated with or granted to
users. Roles provide a convenient way to package all the permissions required
to perform a job, such as that of database administrator. Roles apply only to
the entity in which they are created. If you create a role at the system level, it
applies only to the system. If you create a role in an organization, it applies only
to the organization. Organizations have no visibility into each other's roles. If
two organizations in the same Data Director data cloud each have a role that
has the same name, those roles are distinct within each organization.
One user can have multiple roles within an organization. Users can have access
to multiple organizations and can have multiple roles in each organization.
A user can have different roles for different objects. For example, if you have
two database groups in your organization, DBG1 and DBG2, you can grant the
Database Admin role to a particular user on DBG1 and grant that user the DB
User role on DBG2. These assignments might allow the user to perform
administrative tasks in DBG1, but not in DBG2.
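The model described above, sketched in Python as an added example (not Data Director code or its API): a permission binds a user and privilege pair to one object, a role applies only in the organization that created it, and the DBG1/DBG2 assignment from the text is replayed. The organization names, the user alice, the "View Database" privilege, and the contents of both roles are assumptions made for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Privilege -> object types it may be applied to (the two examples in the text),
# plus "View Database", a constructed privilege so the DB User role is not empty.
APPLIES_TO = {
    "Stop Database": {"organization", "database_group", "database"},
    "Create Database": {"organization", "database_group"},
    "View Database": {"organization", "database_group", "database"},
}

# kind is "organization", "database_group" or "database"; org is the owning organization.
Obj = namedtuple("Obj", "org kind name")
# scope is the entity the role was created in; the role applies only there.
Role = namedtuple("Role", "scope name privileges")

@dataclass
class User:
    login: str
    active: bool = True
    permissions: set = field(default_factory=set)  # (privilege, Obj) pairs

def grant(user, privilege, obj):
    """A permission associates a user and privilege pair with one object."""
    if obj.kind not in APPLIES_TO[privilege]:
        raise ValueError(f"{privilege!r} does not apply to a {obj.kind}")
    user.permissions.add((privilege, obj))

def assign_role(user, role, obj):
    """Grant every permission packaged in the role, on this object only."""
    if role.scope != obj.org:
        raise ValueError(f"role {role.name!r} is not visible in {obj.org}")
    for privilege in role.privileges:
        grant(user, privilege, obj)

def is_allowed(user, privilege, obj):
    # Inactive users cannot log in, so every check fails for them.
    return user.active and (privilege, obj) in user.permissions

# Constructed sample data: role contents are assumed, role and group names are from the text.
DBG1 = Obj("OrgA", "database_group", "DBG1")
DBG2 = Obj("OrgA", "database_group", "DBG2")
ADMIN_A = Role("OrgA", "Database Admin", frozenset({"Stop Database", "Create Database"}))
ADMIN_B = Role("OrgB", "Database Admin", frozenset({"Stop Database"}))  # same name, distinct role
DB_USER = Role("OrgA", "DB User", frozenset({"View Database"}))
alice = User("alice")
assign_role(alice, ADMIN_A, DBG1)
assign_role(alice, DB_USER, DBG2)
```

With this data, is_allowed(alice, "Create Database", DBG1) is true and the same check on DBG2 is false. Assigning ADMIN_B on DBG1 raises an error because that role belongs to another organization.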
Chapter 3 Managing Users and Roles
VMware, Inc. 27