Create and Manage Users

Overview

From the Suite Admin perspective, a user refers to two main roles: the suite administrator and the tenant administrator.

The Users List Page

When you navigate to the Users page from the Suite Admin Dashboard, you see a summary of configured users at the top of the page which displays the following details:

  • The total number of CloudCenter Suite users

  • The total number of Suite Admin users

  • The total number of Workload Manager users

  • The total number of Action Orchestrator users

  • The total number of Cost Optimizer users

  • The total number of cross-module users – users who can access multiple CloudCenter Suite modules.

Any user who is a member of the Suite Admin, Product Admin, or Module Admin groups are identified by the admin icon (displayed in the following screenshot) attached to their profile display.

The Groups column identifies the groups to which each admin belongs. 

The Suite Administrator

The suite administrator:

  • Is configured as part of the Initial Administrator Setup process. 

  • Is responsible for all user roles for all modules. As such, all CloudCenter Suite of modules share the same user base.

  • Can add other suite administrators.

    Suite Administrator must exercise control over the number of suite administrator configured for the CloudCenter Suite as they have the highest level of permissions and privileges in the CloudCenter Suite!

You can add additional users in the Suite Admin or for each module beyond the OOB Suite Admin Groups. These users can be assigned to any module, group, or tenant depending on why they were added in the first place.

Groups have roles and depending on the group to which a user is added, that user inherits the roles associated with the assigned group.


Tenant Administrator

A user created with administrative permission at the tenant level is referred to as a Tenant AdminA tenant admin does not have visibility into the Suite Admin Dashboard

  • While each user can be assigned a specific role with access to individual modules, each module also has its' own pre-defined roles and groups. 

  • The Suite Admin leaves it to the tenant admin to manage these roles and groups at the tenant level for each module.

  • While a suite administrator can add unlimited tenant admins, it is better to have close control on the number of tenant admins for each module as they have the highest level of permissions and privileges for that module.

Tenant admins can perform the following tasks:

  • Manage users, groups and tenants WITHIN their tenant hierarchy.

  • Access modules made available for their tenant(s).

  • Execute a subset of tasks as permitted by the suite administrator or their parent tenant.

The following image identifies a sample multi-tenant environment.

Each (sub)tenant does not have any default suite admin group and cannot execute Module Lifecycle Management or Kubernetes Cluster Management functions – they can only execute User Tenant Management functions at their tenant level.

Create a User 

To create a CloudCenter Suite user, follow this procedure.

  1. Navigate to the Suite Admin Dashboard > Users page.

  2. Click Add User.

  3. Enter the details for this user in the Add User form.

  4. Optional. Disable the Auto Generate Password switch if you prefer to provide your own password. If enabled, the system sends an email to the user with the link so the user can generate the password. 

    To use this feature, you should have already configured the Base URL and the Email Setup to ensure that the URL is accessible and that an email can be sent to the user. See Base URL Configuration and Email Settings for additional details.

    Be sure to configure these two functions before opting to send an email to the user as this information is required to construct the links to reset the password for a new or existing user.

  5. Optional. Provide name-value pairs for the field to be displayed and the value to be provided so the user can add more information at a later point. Some examples of name-value pair can be Designation, Badge ID, Location, Department, Phone, and other details.

  6. Select the group(s) to which this user must belong. 

    A user without a group can only view the landing page and not be able to navigate anywhere else!  

  7. Click Save. The newly added user can now be added to any group.


Until you add this newly-created user to a group, this user will have no role or ability to perform any actions.

Create Another Suite Administrator 

To create another suite administrator for the Suite Admin, besides the administrator created as part of the Initial Administrator Setup process, follow this procedure.

  1. Follow the process above to Create a User.

  2. Navigate to the Suite Admin Dashboard > Groups page.

  3. Locate the suite administrator group to which you want to add this user.

  4. Assign the newly added user to the suite administrator group.

This newly-assigned suite administrator now has all administrative abilities associated with the suite administrator group. 

Create a Tenant Administrator

To create a tenant admin, follow this procedure.

  1. Follow the process above to Create a User.

  2. Navigate to the Suite Admin Dashboard > Groups page.

  3. Locate the tenant admin group to which you want to add this user.

  4. Assign the newly added user to the tenant admin group.

This newly-assigned tenant admin now has all administrative abilities associated with the tenant admin group. 

Create a User with a Module-Specific Role

A module administrator refers to a user who can administer any of the CloudCenter Suite modules. The suite administrator can add a user to a module-specific role to make this user a module administrator. See Understand Roles for details.

Importing User Data

To import Active Directory data, you must follow a manual process to import user data. See SSO Setup for additional details.

Disabled Users

Only a suite administrator can disable a user. Once disabled, the user's profile updates to display this state

User Actions

On the Users list page, the Actions column displays a dropdown list of actions that each user can perform based on group membership and permissions. The list display begins with the available Suite Admin action for this user followed by the module-level actions. 

The following table identifies the actions available at the Suite Level.

Suite-Level Actions

Multi-Select Action?

Description

Edit User

No

Users with suite administrator permissions and/or tenant administrator permissions for this tenant can edit any user's profile by changing the first/middle/last name and email, Configure metadata details, Configure groups, Reset password, or disable the user.

Once disabled, you must first enable a user to assign the user to a group and to see other Actions for this user.

Reset PasswordNo
Disable/Enable UserYes

Delete User

Yes
Manage GroupsNo

Users with suite administrator permissions and/or tenant administrator permissions for this tenant can manage groups. See Custom Groups by Admin for additional details.

Module-Level Actions

This is a fluid list based on which module-specific actions were made available for each tenant, user, and module. See Manage Module-Specific Content for additional details
Generate API KeyA suite administrator can generate an API key for any user. See API Key for details.



  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved