解决了

棱镜中央RBAC分配

  • 2020年9月24日
  • 8回答说
  • 1823的浏览量
年代
徽章 +1
  • 蚊子
  • 开拓者
  • 14日回复

你好所有的,

我最近部署了Prism Central,我正试图让团队成员通过他们的AD帐户访问。我已经通过角色和发现我不能添加新的成员到预定义的角色;但是,如果我复制角色,我可以添加AD用户和组到新的角色。这对我来说是工作的,然而,当我复制一个角色,如“超级管理员”角色,我被警告,并不是所有的权限都将应用到新的角色,我将需要通过CLI创建新的角色来获得这些权限。好吧,这说得通。但是如何做到这一点的文档在哪里呢?有人能告诉我通过CLI执行这些角色创建任务的文档吗?

谢谢你,斯科特

图标

最佳答案Alona2020年10月16日

Are you able to log a Nutanix Support request?\u00a0 I believe this is a bug and an Engineering case will have more attention when it is directly associated with a customer case. Let me know if you log a support case, please, and I will grab the case number from you.<\/p>","className":"post__content__best_answer"}">
查看原始
Hello All,<\/p>

I have recently deployed Prism Central and I am trying to give team members access via their AD accounts. I have went through the roles and discovered I cannot add new members to the predefined roles; however, if I duplicate the roles I can add AD users and groups to the new roles. This works for me however when I duplicate a role such as the \u201cSuper Admin\u201d role I am warned that not all permissions are going to apply to the new role and I would need to create the new role via CLI to get these permissions. Ok fine that makes some sense. But where is the documentation on how to do that? Can someone point me to the documentation to perform these role creation tasks via CLI?<\/p>

Thanks, Scott<\/p>

\u00a0<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

本主题已关闭供评论

8回答说

R
排名
Userlevel 2
徽章 +3

我建议检查文档和搜索相关的配置:控制用户访问(RBAC)

Alona
排名
Userlevel 6
徽章 +5

你好蚊子,

如果您在编辑现有的角色映射时遇到困难,那么它听起来不正确,需要Nutanix支持来查看。

该消息建议使用API。你可以直接从PC Web控制台玩API(点击右上角的用户名并选择API浏览器)或转到Nutanix Dev门户。

我将搜索任何用API完成这个任务的例子。现在,我建议上传API社区空间。

Hi skeeter,<\/p>

If you have trouble with editing an existing role mapping that does not sound right and would need to be looked at by Nutanix Support.<\/p>

What the message suggests is to use API. You can either play with APIs directly from PC Web Console (click on user name in the top right corner and choose API explorer) or go to Nutanix Dev<\/a> portal.<\/p>

\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

I will search for any examples of completing this task with API. For now I\u2019d suggest posting in API <\/a>space of the community.<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

年代
徽章 +1

因为我在这里有点困惑,所以我添加了一些细节。所以我刚刚安装了Prism Central,我试图添加AD用户的角色内建到Prism Central。当我点击超级管理员角色,这是我看到的:

如你所见,我不能添加任何人到它,但我可以复制的角色。当我复制这个角色时,我收到了Alona上面发布的消息。所以我不应该重复角色吗?我是否可以将用户添加到已经存在的角色?一旦我复制了角色,我可以添加我的AD帐户到复制的角色,但当然他们没有相同的权限。如果这是设计好的,我没有问题在API空间发布这个。

谢谢,

斯科特

Ok since I am getting a little confused here I add some more detail. So I have just installed Prism Central and I am trying to add AD users to the roles built into Prism Central. When I click on the super Admin role this is what I see:<\/p>
\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

As you can see I cannot add anyone to it but I can duplicate the role. When I duplicated the role I got the message that Alona posted above. So am I not supposed to duplicate roles? Should I be able to add users to the roles that already exist? Once I duplicated the role I can add my AD accounts to the duplicated role but of course they don\u2019t have the same permissions. I have no issues posting this in the API space if this is by design.<\/p>

\u00a0<\/p>

Thanks,<\/p>

Scott<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

Alona
排名
Userlevel 6
徽章 +5

我认为你想做的是角色映射。

角色是权限的列表。然后将该角色映射到用户或组。这被称为角色映射。这样做是为了允许您在多个用户和组中重用角色。

配置角色映射

当需要为某些用户分配超级管理员权限时,需要通过“角色映射”将超级管理员角色与该用户关联。

让我知道这是否有意义,或者如果你知道,但我误解了你。

年代
徽章 +1

这不是我想做的,阿洛娜。如果我去角色映射(如上所示的屏幕截图),我只能提供查看器,用户管理,集群管理。我想使用Prism Central提供的更细粒度的角色。但是,正如您在我的屏幕截图中看到的那样,我不能对Prism Central提供的默认角色进行任何角色映射。

我必须创造新的角色。但是,当我复制角色“超级管理员”时,我得到你上面发布的消息(从角色....复制96个权限中的82个)。因此,我只需要一个API参考页面来展示如何使用API创建角色。

通过上图,您可以看到我可以将AD用户和组映射到我创建的新角色。但是,新角色与默认的超级管理员角色不同,因为缺少14个权限。

This is not quite what I want to do Alona. If I go under role mapping (As shown in you screen shot above) I can only provide Viewer,User Admin, Cluster Admin. I want to use the more granular roles that are provided in Prism Central.\u00a0However, as you can see in my screen shot I cannot do any role mapping with the default roles provided in Prism Central.<\/p>
\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

I have to create new roles. However, when I duplicate the role \u201cSuper admin\u201d I get the message you posted above (Copied 82 of 96 permissions from role\u2026.). So I just need a API reference page to show me how to create the roles with the API.\u00a0<\/p>

\u00a0<\/p>

\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

With the above image you can see that I can map my AD users and groups to a new role I have created. However the new role is not the same as the default super admin role because of the missing 14 permissions.\u00a0<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

Alona
排名
Userlevel 6
徽章 +5

很抱歉耽搁了。谢谢你提供的细节。我能够重现这个问题。只是想确保我没有错过什么。我会回复你的。

My apologies for the delay. Thank you for providing the details. I was able to reproduce the issue. Just making sure that I am not missing anything. Will get back to you.<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
Alona
排名
Userlevel 6
徽章 +5

你能记录一个Nutanix支持请求吗?我认为这是一个错误,当一个工程案例与一个客户案例直接相关时,它会得到更多的关注。如果你登记了一个支持案例,请告诉我,我会从你那里拿到案例编号。

Are you able to log a Nutanix Support request?\u00a0 I believe this is a bug and an Engineering case will have more attention when it is directly associated with a customer case. Let me know if you log a support case, please, and I will grab the case number from you.<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
年代
徽章 +1

我已经登记了一个箱子,我的箱子号是:00889500

I have logged a case and my case number is: 00889500<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
条款和条件
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu