6.1.1 Available Features with RBAC Base Tenant Access in vRealize Operations Manager
Base level feature requirements for service provider usage of vRealize Operations Manager include the following:
• Provide customer access
Because vRealize Operations Manager provides a web-based user interface, it is easy to provide customer access without needing to distribute an application. Login can be managed through central LDAP and local user accounts.
• Limit object visibility based on RBAC
While providing access is relatively simple, one of the big challenges is to limit access to only relevant objects for the tenant/customer. vRealize Operations Manager provides dynamic groups and custom group types, which allow you to link all objects and apply permissions for only these groups.
• Group tenant/customer objects
Often the service provider must group objects by customer to not only have all objects in direct access, but also to operate specific profiles/SLAs on them. Ideally, the same grouping as described in the previous point can be used.
• Customer-specific permissions/features
Some service providers want to limit functionality based on packaging, such as base monitoring, reporting, capacity management, and so on. Specific roles can be created to allow a customer only the features that are based on the service provider definition.