OOB Suite Admin Groups

Overview

Default out-of-box (predefined) groups provide a majority of the required functionality to module users. As such, enterprises will not need to create custom groups unless, this group is extremely specific to their environments. At each level, any CloudCenter Suite user can be assigned to one of the following predefined groups:

  • Suite Level: The Suite Administrator Group
  • Tenant Level: The Tenant Administrator Group
  • Module Level: The Module Administrator Group

The Suite Admin Group

The Suite Admin group can execute the following roles and functions:

Users in this group have access to the entire Suite Admin functionality. Additionally, if a user in this group installs a module, the default roles for that module are also assigned to this user.

The suite administrator can add any user to the Suite Admin.

The Tenant Admin Group

The Tenant Admin group can execute the roles and function for User Tenant Management at the tenant level (for tenant or sub-tenant, depending on permissions and ownership).

Users in this group manage all users, groups, and sub-tenants within their own tenant. Additionally, if a user in this group installs a module, the default roles for that module are also assigned to this user.

The Module Admin Group

The Module Admin group can execute the roles and function for User Tenant Management at the module level (not for a tenant or sub-tenant).

Users in this group have access to module-specific functionalities. A user in this group can automatically manage all users and groups for this module. For example, a Workload Manager admin can create a custom service and restrict that service to some users, but cannot delete or create a tenant.

Admin User Restrictions

No administrator can perform the following functions:

  • Remove themselves from a default group
  • Disable or delete a default group
  • Reset their own password
  • Create a new group with a suite administrator role

Active Directory Mapping

As a module admin, be aware that you can use SAML configuration for Active Directories to map existing  enterprise users to the default Suite Admin groups or to default module group(s). See SSO Setup for additional context.

  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved