Overview

When a user logs into the KeyControl webGUI, the options displayed in the webGUI depend on two things: the privileges associated with the user's account and the Cloud Admin Groups to which the user account has been assigned.

When you register a VM with KeyControl, you must assign that VM to a Cloud VM Set. In turn, every Cloud VM Set must be assigned to a Cloud Admin Group that defines which users can see and maintain the VMs assigned to the Cloud VM Set.

The relationship between Cloud Admin Groups and Cloud VM Sets is one to many. While each Cloud VM Set can only be associated with one Cloud Admin Group, each Cloud Admin Group can contain any number of Cloud VM Sets.

When you create a Cloud Admin Group, you can associate any number of KeyControl user accounts or Active Directory (AD) Security groups with that Cloud Admin Group. As soon as you assign a Cloud VM Set to that group and you register a VM with that Cloud VM Set, all the KeyControl users and AD Security group members associated with the Cloud Admin Group can see and manage that VM.

The following figure shows an example of the relationship between KeyControl users, Cloud Admin Groups, and Cloud VM Sets. In this example:

• Jim and Carol both have KeyControl-managed user accounts assigned to the Cloud Admin Group "AWS IBM VMs". They are responsible for the VMs in the Cloud VM Sets "Amazon AWS" and "IBM Bluemix".  When they log in, they cannot see any of the VMs that have been registered with the "Microsoft Azure" Cloud VM Set.
• Jon has a KeyControl-managed user account, and both his account and the Active Directory Security group "Azure Cloud Admins" have been assigned to the Cloud Admin Group "Azure VMs". Jon and all the members of the AD Security group are responsible for the VMs in the Cloud VM Set "Microsoft Azure". When Jon or any of the AD Security group members log into KeyControl, they can only see the VMs in the "Microsoft Azure" Cloud VM Set.