Creating an Access Control Trust Manifest from the CloudControl GUI

When names are required, you can use alphanumeric characters and spaces, but no special characters except _ (underscore), - (hyphen), and . (period).

  1. From the Home tab, select Security > Trust Manifests.

  2. On the Manage Trust Manifests page, select Actions > Create Trust Manifest.

  3. On the Details tab of the Create Trust Manifest page, enter the name and optional description for the trust manifest.
  4. Select Access Control in the Policy Type field.
  5. In the Access Control Policy section, complete the following: 

    Field: Description

    Name: Enter the name of the rule.

    Description: Enter the optional description of the rule.

    Role: Select the role to be assigned to the rule. See Viewing Roles.

    Subjects: Enter the user or group to be assigned to the role. The AD domain is displayed automatically. Type to search for the group or user that you want to use.

    Constraints

    Resource Tag: Enter the additional selection criteria based on tags that are applied to a resource.

    1. Select the tag information and a resource. If you select Equals, then the rule will be applied only to resources of the specified type with the specified tag and tag value.
    2. Select where the tag originated. This can be one of the following: 

      • All Tag Origins—Applies to all CloudControl and Platform tags.
      • Appliance Console—Applies to CloudControl tags.
      • Platform—Applies to all imported tags from the specific platform (vSphere, NSX-T, or Kubernetes) associated with the policy.

      We suggest that you use Appliance Console as it can apply to all types of resources across platforms in CloudControl.

    3. Click Add.

    Subject: Select the type of access for the user allowed to perform the action:

    • Access Location—Enter the IP address or range that can be used for access.
    • Access Method—Enter the type of method that can be used, for example, vSphere SDK or REST.
    • Access Time—Enter the times when the user can perform the action.
  6. Click one of the following: 

    • Validate—Validate the draft or existing trust manifest.
    • Save—Save the trust manifest as a draft.
    • Save and Publish—Save the trust manifest and publish it.

    Or click the Cancel link to close the trust manifest without saving.