Understanding the user details view for authorized resources

When viewing details for system users, you can see counters for various cloud resources that the user is authorized to access based on which access rights have been granted to the user.

The following four types of resources, which are managed on the console, support access rights permissions:
  • Cloud groups
  • IP groups
  • Virtual machines
  • Virtual appliances

Depending on which role the user has been granted, not all cloud resources are visible on the user interface.

Granting or revoking resource access rights on the console requires the Security administration authorization role with Manage security (Full permission) and the "Allow delegation when Full permission is selected" setting.

The Console > System > Users page lists the resources a selected user is authorized to view. In 2.3.3.3 or later, navigate to Security and access > Users.

The resources shown for each user depend on the authorization roles of the user logged into the console. To view other users' resources and associated details, you must have both the View all cloud resources (Read-only) and View all security resources (Read-only) roles. Being assigned the View users/groups (Read-only) role by itself is not sufficient to view other users' resources and details.

The workload resources shown are only those visible from the console; therefore, virtual systems and virtual applications are not included.

Authorized users can add new users and grant them access to the virtual system instance. However, new users will not have access to manage the individual virtual machines associated with the virtual system instance even if they are granted all access to the virtual system. Users must be explicitly granted access to individual virtual machines by the owner or other authorized resource manager who is granted the Manage workload resources (Full permission) role.

Table 1. Visible resources based on user authorization
| Authorization role: Security administration | Authorization role: Workload administration | Resource views |
|---|---|---|
| View users/groups (Read-only) | Any | None (shows 0 in total on panel) |
| View all security resources (Read-only) | Not set | Can list owned + authorized but cannot see virtual machine details |
| View all security resources (Read-only) | View all cloud resources (Read-only) | Can list owned + authorized |