OOB Groups, Roles, and Permissions

Workload Manager comes with several OOB groups, each group contains one or more roles, and each role has its own set of permissions.

OOB Groups and their Roles

Workload Manager users may be assigned to one or more groups. Each group, in turn, may contain one or more roles, where each role gives the user certain permissions. The following table summarizes the OOB groups for Workload Manager and their associated roles.

OOB Group

Associated Roles

Workload Manager admins

WM_ADMIN, SUITE_TENANT_ADMIN, SUITE_USER_ADMIN

Workload Manager Standard User

WM_USER

Deployment Environment Managers

WM_ENVIRONMENT_MANAGER

Application Architects

WM_APPLICATION_ARCHITECT

Project Managers

WM_PROJECT_MANAGER

Policy Managers

WM_POLICY_MANAGER

Dev Ops Users

WM_DEV_OPS

Service Managers

WM_SERVICE_MANAGER

Image Managers

WM_IMAGE_MANAGER

OOB Roles and their Permissions

The following table summarizes the OOB roles for Workload Manager and their associated permissions sorted by increasing levels of permissions.

Role

Associated Permissions

WM_USER

Deploy applications, benchmark applications, view own deployments, view own VMs

WM_ENVIRONMENT_MANAGER

Create and manage deployment environments and policies

WM_APPLICATION_ARCHITECT

Create and manage application profiles

WM_PROJECT_MANAGER

Create and manage projects

WM_POLICY_MANAGER

Create and manage policies

WM_DEV_OPS

Create and manage custom on-demand and lifecycle actions

WM_SERVICE_MANAGER

Create and manage services

WM_IMAGE_MANAGER

Create and manage images

WM_ADMIN

All of the above permissions plus: create and manage clouds and cloud accounts

Creating a Read-Only User for Workload Manager

To create a read-only user, add the user ID as comma-separated values to the key read.only.user.ids= into cloudcenter-manager configmap. The CCM service will restart after you edit the configmap. The user with read-only permission can only operate GET call in CCM.


  • No labels
Terms & Conditions Privacy Statement Cookies Trademarks