Before I start on main topic of I would like to highlight vCAC as product has three main components which needs to be explore, blogged or documented very well
Reason we don’t see much on this yet, as it is evolving field. Not one person knows or have these skill sets. These components makes perfect orchestration layer but expects broad skill sets which are difficult to find. I’m mostly blogging on vCAC core stuff. But people expect a lot from vCAC Extensibility. It is skill which needs attention, understanding and has huge scope.
Below are frequently asked questions about various roles available in vCAC or I asked myself. This question helps me define Role Based Access control model for vCAC. Hope it also helps you too.
Who has rights to create blueprint?
It is Tenant Administrator role and Business group manager has rights to create blueprint
Who has rights to create reservations?
Fabric Administrator has rights to create reservation. Reservation can be shared between the tenant BUT only if the fabric is shared.
Below is the example of shared fabric. I created a single fabric (i.e. mapped three different cluster to it) which will allow fabric administrator to choose from the cluster (i.e. compute resources) and assign them to tenants.
In such model, reservations are visible across the tenants. It means Fabric administrator plays shared role in managing fabric.
Who has rights to create prefix?
Machine prefix are created by Fabric Administrator, can be created by tenant administrator.
Who has rights to create network profile?
Network profiles are created by Fabric Administrator
Who has rights to create business groups?
Business groups are created by Tenant Administrator
Who has rights to create fabric group?
Only Infrastructure administrator can create fabric group
Who has rights to create reservation policies?
Fabric administrator creates reservation policies
Who has rights to create & Published blueprints (a.k.a Catalog items)?
Tenant Administrator can create and publish blueprints.
Business group manager can only create blueprints
Who has rights to create services?
Only Tenant Administrator can create services
Who can creates approval policies?
Only tenant administrator can create approval policies
Who can create entitlements?
Tenant Administrator and Business group manager can create entitlements
Disclaimer: This above post based on my observation in my lab. I might be wrong. More than happy to be correct, from mistakes we learn