This chapter explains the user accounts used in Resource Orchestrator.
Defining User Accounts
With Resource Orchestrator, you can restrict the operations that each user account can perform and the resources that operations can be performed on.
The main user types of Resource Orchestrator are as follows:
System administrators manage the operation of the entire system. System administrators install and configure systems.
Administrator privileges for the operating system are required. Normally the roles of the infrastructure administrator and system administrator are performed concurrently.
Infrastructure administrators manage ICT resources such as servers, storage, networks, and images.
They collectively manage ICT resources in resource pools, and perform addition, configuration modification, and maintenance of ICT resources when necessary.
In Resource Orchestrator, the following roles can be assigned to infrastructure administrators:
infra_admin (infrastructure administrator)
Tenant administrators provide tenant users with L-Platform templates based on their needs.
In Resource Orchestrator, the following roles can be assigned to tenant administrators:
tenant_admin (tenant administrator)
Tenant users create L-Platforms and use them.
In Resource Orchestrator, the following roles can be assigned to tenant users:
tenant_user (tenant user)
lplatform_user (L-Platform user)
The following role combines the roles of infrastructure administrators and tenant administrators.
In Resource Orchestrator, the following roles can be assigned to dual-role administrators:
administrator (administrator)
For details on the resources which can be operated for each role, refer to "5.1 Restricting Access Using Roles".
User Account Conditions
Configure the following parameters for user accounts and roles to be created on Resource Orchestrator:
The user ID must start with an alphanumeric character, and can contain between 1 and 32 alphanumeric characters, underscores ("_"), hyphens ("-"), and periods (".").
The number of characters and usable character types for user IDs may be limited depending on the directory service used for Single Sign-On authentication. For details on attributes to configure the user ID using the directory service, refer to "Table 12.1 Object Class" in "12.3 Registering Administrators". For details on limit values which can be specified as attributes to configure user IDs, refer to the manual for the directory service.
When using the directory service provided with ServerView Operations Manager for the directory service used by Single Sign-On, the user ID (uid attribute) must be unique in the directory service.
The password string must be composed of alphanumeric characters and symbols, and can be between 8 and 64 characters long.
The number of characters and the usable character types for passwords may be limited depending on the directory service used for Single Sign-On authentication. For details on limit values of passwords, refer to the manual for the directory service.
Configure the role to set for the user account.
Configure the access scope to set for the user account.
Users with one of the following roles can create and modify user accounts:
infra_admin
tenant_admin
administrator
These roles can create and modify the following roles.
User Role | infra_admin | infra_operator | tenant_admin | tenant_operator | tenant_monitor | tenant_user | administrator | operator | monitor |
---|---|---|---|---|---|---|---|---|---|
infra_admin | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes |
tenant_admin | No | No | Yes | Yes | Yes | Yes | No | No | No |
administrator | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
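
The account conditions and the role table above can be checked before an account request is submitted. The following is an added example, not code from Resource Orchestrator: the function name `check_account_request` is hypothetical, and it assumes that "alphanumeric" means ASCII letters and digits and that password "symbols" means printable ASCII punctuation.

```python
import re

# User ID rule from "User Account Conditions": starts with an alphanumeric,
# 1-32 characters drawn from alphanumerics, "_", "-" and ".".
# Assumption: "alphanumeric" means ASCII letters and digits.
USER_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,31}")

# Password rule: 8-64 alphanumerics and symbols.
# Assumption: "symbols" are the printable ASCII punctuation characters.
PASSWORD_RE = re.compile(r"[\x21-\x7e]{8,64}")

TENANT_ROLES = {"tenant_admin", "tenant_operator", "tenant_monitor", "tenant_user"}
ALL_ROLES = TENANT_ROLES | {"infra_admin", "infra_operator",
                            "administrator", "operator", "monitor"}

# Transcribed from the role table: creator role -> roles it may create or modify.
CAN_MANAGE = {
    "infra_admin": ALL_ROLES - {"administrator", "operator"},
    "tenant_admin": TENANT_ROLES,
    "administrator": ALL_ROLES,
}

def check_account_request(creator_role, user_id, password, new_role):
    """Return a list of rule violations; an empty list means the request passes."""
    problems = []
    # fullmatch rejects trailing newlines and any character outside the set.
    if not USER_ID_RE.fullmatch(user_id):
        problems.append("user ID violates the 1-32 character rule")
    if not PASSWORD_RE.fullmatch(password):
        problems.append("password violates the 8-64 character rule")
    # Deny by default: creator or target roles absent from the table fail.
    if new_role not in CAN_MANAGE.get(creator_role, set()):
        problems.append(f"{creator_role} may not create or modify {new_role}")
    return problems

if __name__ == "__main__":
    # Constructed sample requests; IDs and passwords are placeholders.
    for req in [("infra_admin", "ops.user-01", "Example#Pass1", "monitor"),
                ("tenant_admin", "_tmp", "short", "infra_operator")]:
        print(req[1], "->", check_account_request(*req) or "OK")
```

The directory service used for Single Sign-On may impose tighter limits than these, so a request that passes this check can still be rejected there.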