This topic provides instructions for creating a new role.

1

Click New Role on the Administration page.

2

In the Properties section of the New Role page, enter the name and description for the role.

3

In the Permissions section, select a permission level:

Full

Read-Write

Read-Only

None

For each type:

Users

Grant Full to enable role users to create and delete user accounts.

Grant Read-Write to enable role users to edit users accounts.

Roles

If you select Full, which enables role users to create roles, vCenter Hypericwill ensure that the role's permission level to Users and Groups is at least Read-Only, because to create a role, you need to view users and groups.

Groups

Grant Full to enable role users to delete groups created by other users.

Grant Read-Write to enable role users to modify groups created by others.

Regardless of the permission level you select, any user can create groups, and as the owner of such groups, delete them.

Platforms

If you select Full, which enables role users to delete platforms and their child resources, vCenter Hyperic will require that the role's permission level to Servers and Services is also Full.

If you select Full or Read-Write, vCenter Hyperic will automatically select the checkbox for the Can Fix/Ack Alerts? and Can Control? capabilities.

If you select Read-Only, you have the option to grant alert management or resource control capabilities by clicking Can Fix/Ack Alerts? or Can Control? respectively.

If you select None, you cannot grant alert management or resource control permissions.

Servers

If you select Full, which enables role users to delete servers and child services, vCenter Hyperic will require that the role's permission level to Platforms is at least Read-Write, and its permission level to Services is Full.

If you select Full or Read-Write, vCenter Hyperic will automatically checkmark the Can Fix/Ack Alerts? and Can Control? capabilities.

If you select Read-Only, you have the option to grant alert management or resource control capabilities by clicking Can Fix/Ack Alerts? or Can Control? respectively.

If you select None, you cannot grant alert management or resource control permissions.

Services

If you select Full, vCenter Hyperic will require that the role's permission level to Servers is at least Read-Write.

Grant at least Read-Only if you are going to grant the role Full permission to Applications.

If you select Full or Read-Write, vCenter Hyperic will automatically select the checkboxes for the Can Fix/Ack Alerts? and Can Control? capabilities.

If you select Read-Only, you have the option to grant alert management or resource control capabilities by clicking Can Fix/Ack Alerts? or Can Control? respectively.

If you select None, you cannot grant alert management or resource control permissions.

Applications

Grant Full if you want role users to be able to create and delete applications.

Grant Read-Write if you want role users to be able to modify change applications created by others.

Escalations

Grant Full if you want role users to be able to create and delete escalations groups.

Grant Read-Write if you want role users to be able to modify escalations.

Policies

Grant Full if you want role users to be able to create and delete policies.

Grant Read-Write if you want role users to be able to modify policies created by others.

Grant Read-Only if you want role users to be able to view policies created by others.

If you select None, you cannot grant policies permission.

The role is saved, and the refreshed role page will have three new sections: Assigned Users, Assigned Groups, and Alert Calendar.

Once you have saved the role in the system, proceed to Assign Users to a Role.