Each user must have a unique account with one or more roles assigned to enforce role-based security when they use vRealize Operations Manager. You create a user account, and assign the account to be a member of one or more user groups to allow the user to inherit the roles associated with the user group and to access the objects associated with the user group. You assign individual role types to the user to set their privileges, and select the objects in your environment that the user can access.

To manage user accounts and their associated user groups, roles, and passwords, select Administration and click Access Control. The user account information appears on the page.

Access Control Tabs and Workspaces

Option

Description

User Accounts

Add, edit, remove, or import vRealize Operations Manager user accounts from an LDAP database, and manage user roles, their membership in groups, and the objects assigned for association with the user. Import user accounts from an LDAP database that resides on another machine.

vCenter Server users who are logged in to vRealize Operations Manager, either logged in directly or through the vSphere Client, appear in the list of user accounts.

User Groups

Add, edit, or remove, or import user groups, update the members in a group and the associated objects that they can access. Import user groups from an LDAP database that resides on another machine.

If you use an LDAP database to manage users and groups, select LDAP Import Sources in the left pane to select the LDAP import source.

vRealize Operations Manager continuously synchronizes the user membership of imported LDAP user groups when the autosync option is enabled in the LDAP configuration.

Roles

For users to perform actions in vRealize Operations Manager, they must be assigned specific roles. With role-based access, users can perform only the actions defined for their roles by the system Administrator. For example, to import or export a policy, the role assigned to your user account must have the Import or Export permissions enabled for policy management.

Password Policy

Manage local user passwords, set the criteria for account lockout, password strength, and the password change policy settings.