2.3.4 Importing Groups
Importing groups into vCloud Director for Service Providers lets you avoid manually importing individual users who share the same role. When LDAPv3 users log in, their session is assigned the roles that are mapped to the groups of which they are members. As users’ group memberships change based on updates to their duties within their organizations, the roles assigned to those users change automatically based on the group-to-role mapping. This allows organizations to easily integrate cloud roles with internal Organization groups/roles and the systems that provision and manage them.
As an example, an Organization might decide to initially grant LDAPv3 users only the “Console Access Only” role to limit users’ rights. To do so, all users that need this basic role are added to a single LDAPv3 group, and when that group is imported, the organization administrator assigns it the Console Access Only role. Then, those users who are required to perform additional job duties can be added to other LDAPv3 groups, which are also imported to vCloud Director for Service Providers and assigned more privileged roles. For instance, users with a need to create catalogs could be added to the “Cloud A Catalog Author” group in the organization’s LDAP server. Then the organization administrator can import the Cloud A Catalog Author group and map it to the predefined Catalog Author role in vCloud Director for Service Providers.
For more information on available roles, see the “Predefined Roles and Their Rights” section in the VMware vCloud Director Administrator’s Guide at http://pubs.vmware.com/vcd-56/index.jsp#com.vmware.vcloud.admin.doc_56/GUID-BC504F6B-3D38-4F25-AACF-ED584063754F.html.
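Because roles follow LDAP group membership automatically, a directory change is also a cloud privilege change. The following added example (not VMware code, and it calls no vCloud Director API) compares two snapshots of group membership and reports which users gained or lost roles; the snapshot format, user names and every group name except “Cloud A Catalog Author” are assumptions constructed for illustration.

```python
# Added example: audits role changes implied by LDAP group membership changes.
# The mapping mirrors what an organization administrator sets on group import.
GROUP_ROLE_MAP = {
    "Cloud A Console Users": "Console Access Only",  # hypothetical group name
    "Cloud A Catalog Author": "Catalog Author",      # group name from the text
}


def effective_roles(user_groups, group_role_map=GROUP_ROLE_MAP):
    """Roles a session receives: every role mapped to a group the user is in.

    Groups that were never imported (no mapping) contribute nothing.
    """
    return {group_role_map[g] for g in user_groups if g in group_role_map}


def role_changes(before, after, group_role_map=GROUP_ROLE_MAP):
    """Compare two {user: set_of_groups} snapshots of the directory.

    Returns {user: {"gained": [...], "lost": [...]}} only for users whose
    effective roles differ, including users added to or removed from LDAP.
    """
    changes = {}
    for user in sorted(set(before) | set(after)):
        old = effective_roles(before.get(user, set()), group_role_map)
        new = effective_roles(after.get(user, set()), group_role_map)
        if old != new:
            changes[user] = {"gained": sorted(new - old), "lost": sorted(old - new)}
    return changes


# Constructed sample snapshots (not real directory data).
SNAPSHOT_BEFORE = {
    "alice": {"Cloud A Console Users"},
    "bob": {"Cloud A Console Users", "Finance"},   # "Finance" was never imported
    "carol": {"Cloud A Console Users"},
}
SNAPSHOT_AFTER = {
    "alice": {"Cloud A Console Users", "Cloud A Catalog Author"},
    "bob": {"Cloud A Console Users", "HR"},        # unmapped change: no role delta
    "dave": {"Cloud A Catalog Author"},            # new user; carol was removed
}

if __name__ == "__main__":
    for user, delta in role_changes(SNAPSHOT_BEFORE, SNAPSHOT_AFTER).items():
        print(f"{user}: gained={delta['gained']} lost={delta['lost']}")
```

Run against periodic exports of the imported groups, a report like this gives reviewers a record of role grants that no one performed inside vCloud Director itself.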