This post covers how to configure User Entitlements for Virtual Machine Actions in vRealize Automation, specific to the DellEMC Data Protection Extension.
By default, vRA provides out of the box VM Actions (Power On/Off, Destroy VM, etc) for VM Users. Which Actions a VM User is allowed to see, depends on that User’s (or Business Group’s) Entitlements in vRA. If required, please have a look at the official VMware docs for the most up to-date details.
The DellEMC Data Protection Extension provides VM Users with additional VM Actions. To assign any of these Data Protection VM Actions, navigate to vRA > Administration > Catalog Management > Entitlements and create or select an Entitlement, as shown below:
Under the General tab, the Entitlement Name, Description, Status, Expiration Date can be configured as required. The final drop-down enables the relevant Business Group to be selected from the available Business Groups, as shown below:
In the Users & Groups section, to the right, note that checking the All Users and Groups entitles all users and user groups in the Business Group previously selected. This is the default setting. For more granular control of the Entitlement, uncheck that box and enter individual users or user groups as appropriate.
Click the Next button to proceed to the Items & Approvals tab, from where the individual Services, Items and Actions can be selected.
First select the appropriate Entitled Service that VM Users will be consuming. In the example below, this is the IaaS service that we have in our lab, used for all VM deployments.
If no individual Entitled Items are selected, then the Users and Groups will be entitled to all of the Items available within that Service.
The Entitled Actions allows selection of standard out of the box VM Actions as well as the newly available Data Protection Actions. Click the Green + icon to open the dialog box, from where it’s easiest to filter the available actions by Virtual Machine Type, as shown below:
Select the VM Actions as appropriate. Once you click Finish, then those VM Actions are immediately available to the entitled Users and User Groups, as shown below logged in as the dev1 user:
The example above contains all 8 available VM Actions.
- Add Data Protection
- Advanced Restore to New
- File Level Restore
- Remove Data Protection
- Restore Data
- Restore to New
- Run Data Protection
- View Protection Status
Select/Remove any of those VM Actions as appropriate to the target user or user group based on the level of functionality deemed appropriate for their roles.
I plan to put together another post covering each of the Actions, walking through what they give the User. In the meantime, the vRealize Data Protection Extension Admin Guide has more details on each Action, and where and how each can be used.
Hope that helps!