Separation of Duties

CloudControl provides the capability to define roles as a collection of privileges on a per-role basis, allowing system administrators to control which CloudControl roles can perform what operations within the virtual infrastructure. This is called separation of duties.

1. Select Policy >  Roles.

2. On the Roles page, click on the name of the role for which you want to manage.

3. On the Edit Role page, check the checkbox next to a privilege to allow or deny the operation on the specified vCenter managed object type for this role. If the checkbox is partially checked, then some operations at a lower level are allowed.

4. Click OK to save the changes.