This section explains how to set up and use role-based access in Forge.
For more information see Section 2.1.1, Role-Based Access.
Before users can be added to security groups in Forge, you need to add them to the Host Appliance.
To add a user to the Host Appliance:
Log in to the Host Appliance either by using Remote Desktop or through the VMware Infrastructure Client (VIC).
Right-click on the My Computer icon and click Manage. If the My Computer icon is not displayed on the Host Appliance desktop, click compmgmt.msc and hit Enter.
> , typeExpand
in the left pane. You may need to expand first if you don’t see .Select
and click > .Enter desired informaton in the New User dialog and click
.Double-click the user name you just created.
Click the Member Of tab and click
.Type in the name of the group exactly to which you want to add the user and hit Enter.
There are three available group names: Workload Protection Administrators, Workload Protection Operators and Workload Protection Power Users. For more information on the rights for each group, see Table 2-1.
Click
.Only Administrators can access the Forge Settings page and manage security groups. If no users or groups exist yet, then this is the default Forge Administrator.
To create a security group in Forge:
Log in to Forge as an administrator.
Click the Settings tab and then click
.The Security Groups page is displayed. Notice there is a default, undeletable security group called All Workloads. This group is used to set up appliance-wide permissions for users.
Click
.Change the supplied group name if desired. Notice that all administrators are automatically added to the group.
To add non-administrator users (power users or operators), click
.For information on creating users, see Creating Host Appliance Users.
Select the
check box beside the users you want added to the new security group.NOTE:Non-administrator users who are not granted access here are the only users who won’t have access to the workloads in this security group.
Click
.To add workloads to the new group, click
.Select the
check box beside the workloads you want added to the new security group.Notice that workloads already assigned to a security group do not have a check box to select beside them and show the name of the security group they are assigned to in the Security Group column. Workloads that can be selected display a check box and say Unassigned under the Security Group column.
NOTE:Workloads can belong to only one Security Group at a time.
Click
.Click
to create the security group with your configurations.After a Security Group is set up, you can go in and change which users or workloads are a part of that Security Group or change the Security Group name.
To edit a Security Group:
Log in to Forge as an administrator.
Click the Settings tab and then click
.The Security Groups page is displayed.
Click the name of the Security Group you want to edit.
Make any changes desired and click
.Deleting Security Groups has no affect on the users and workloads in those Security Groups, except to change user access.
To delete a Security Group:
Log in to Forge as an administrator.
Click the Settings tab and then click
.The Security Groups page is displayed.
Click
beside the Security Group you want to delete. Notice that the All Workloads default Security Group has no hyperlink beside it and cannot be deleted.Click
.If you delete a user from the Application Host, you still need to remove the user from the Security Group, though when you view the Security Group after deleting the user from the Application Host, they are displayed with a line through their name.
The exception is for Administrators, either Local Administrators or members of the Workload Protection Administrators group, in which case deleting them from the Application Host also removes them from the Security Group. In fact, this is the only way to remove any type of administrator from a Security Group.
To remove a user from a Security Group:
Log in to Forge as an administrator.
Click the Settings tab and then click
.The Security Groups page is displayed.
Click the name of the Security Group from which you want to remove a user.
The
hyperlink is displayed next to any users capable of being removed. Click to remove that user.Click
.If you remove a workload from Forge, it is also removed from any Security Group to which it belongs. No further steps are required. If you want to remove a workload from a Security Group but keep the workload in Forge and protected, you can do so on the Security Groups page.
To remove a workload from a Security Group:
Log in to Forge as an administrator.
Click the Settings tab and then click
.The Security Groups page is displayed.
Click the name of the Security Group from which you want to remove a workload.
Click
next to any workload you want to remove.Click
.