解决了

Prism Central RBAC分配

  • 2020年9月24日
  • 8个答复
  • 1824年的观点
s
徽章 +1

大家好,

我最近部署了Prism Central,并试图通过其广告帐户使团队成员访问。我已经担任了角色,发现我无法将新成员添加到预定义的角色中;但是,如果我复制了角色,我可以将广告用户和组添加到新角色中。但是,这对我有用,但是当我复制诸如“超级管理员”角色之类的角色时,我警告说,并非所有权限都适用于新角色,我需要通过CLI创建新角色来获得这些权限。好的,这是有道理的。但是关于如何做的文档在哪里呢?有人可以将我指向文档以通过CLI执行这些角色创建任务吗?

谢谢,斯科特

图标

最好的答案阿罗纳2020年10月16日,06:56

Are you able to log a Nutanix Support request?\u00a0 I believe this is a bug and an Engineering case will have more attention when it is directly associated with a customer case. Let me know if you log a support case, please, and I will grab the case number from you.<\/p>","className":"post__content__best_answer"}">
查看原件
Hello All,<\/p>

I have recently deployed Prism Central and I am trying to give team members access via their AD accounts. I have went through the roles and discovered I cannot add new members to the predefined roles; however, if I duplicate the roles I can add AD users and groups to the new roles. This works for me however when I duplicate a role such as the \u201cSuper Admin\u201d role I am warned that not all permissions are going to apply to the new role and I would need to create the new role via CLI to get these permissions. Ok fine that makes some sense. But where is the documentation on how to do that? Can someone point me to the documentation to perform these role creation tasks via CLI?<\/p>

Thanks, Scott<\/p>

\u00a0<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

该主题已关闭以供评论

8个答复

r
秩
UserLevel 2
徽章 +3

我建议检查文档并搜索相关配置:控制用户访问(RBAC)

阿罗纳
秩
UserLevel 6
徽章 +5

嗨,Skeeter,

如果您在编辑现有角色映射时遇到麻烦,该角色映射听起来不正确,并且需要通过Nutanix支持来查看。

消息建议的是使用API​​。您可以直接从PC Web控制台使用API​​(单击右上角的用户名,然后选择API Explorer)或转到Nutanix Dev门户网站。

我将搜索使用API​​完成此任务的任何示例。现在我建议发布API社区的空间。

Hi skeeter,<\/p>

If you have trouble with editing an existing role mapping that does not sound right and would need to be looked at by Nutanix Support.<\/p>

What the message suggests is to use API. You can either play with APIs directly from PC Web Console (click on user name in the top right corner and choose API explorer) or go to Nutanix Dev<\/a> portal.<\/p>

\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

I will search for any examples of completing this task with API. For now I\u2019d suggest posting in API <\/a>space of the community.<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

s
徽章 +1

好的,因为我在这里有些困惑,所以我添加了更多细节。因此,我刚刚安装了Prism Central,我试图将广告用户添加到Prism Central中的角色中。当我单击超级管理员角色时,这就是我看到的:

如您所见,我无法将任何人添加到其中,但我可以复制角色。当我重复角色时,我收到了Alona上面发布的信息。所以我不应该重复角色吗?我应该能够将用户添加到已经存在的角色中吗?一旦我重复了角色,我就可以将广告帐户添加到重复的角色中,但是当然,它们没有相同的权限。如果是设计,我没有问题在API空间中发布。

谢谢,

斯科特

Ok since I am getting a little confused here I add some more detail. So I have just installed Prism Central and I am trying to add AD users to the roles built into Prism Central. When I click on the super Admin role this is what I see:<\/p>
\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

As you can see I cannot add anyone to it but I can duplicate the role. When I duplicated the role I got the message that Alona posted above. So am I not supposed to duplicate roles? Should I be able to add users to the roles that already exist? Once I duplicated the role I can add my AD accounts to the duplicated role but of course they don\u2019t have the same permissions. I have no issues posting this in the API space if this is by design.<\/p>

\u00a0<\/p>

Thanks,<\/p>

Scott<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

阿罗纳
秩
UserLevel 6
徽章 +5

我认为您想做的就是称为角色映射。

角色是权限清单。然后,您将该角色映射到用户或组。这就是所谓的角色映射。这样做是为了使您能够与多个用户和组重复使用角色。

配置角色映射

如果要分配某些用户SuperAdmin权限,则需要通过角色映射将SuperAdmin角色与用户关联。

让我知道这是否有意义,还是您陌生的,但我误解了您。

s
徽章 +1

这不是我想做的。如果我在角色映射下进行映射(如上图所示),我只能提供查看器,用户管理员,群集管理员。我想使用Prism Central提供的更精细的角色。但是,正如您在屏幕截图中看到的那样,我无法使用Prism Central提供的默认角色执行任何角色映射。

我必须创建新角色。但是,当我复制“超级管理员”角色时,我会收到您在上面发布的消息(从角色中复制了96个许可中的82个……)。因此,我只需要一个API参考页来向我展示如何使用API​​创建角色。

使用上图,您可以看到我可以将我的广告用户和组映射到我创建的新角色。但是,由于缺少14个权限,新角色与默认超级管理员角色不同。

This is not quite what I want to do Alona. If I go under role mapping (As shown in you screen shot above) I can only provide Viewer,User Admin, Cluster Admin. I want to use the more granular roles that are provided in Prism Central.\u00a0However, as you can see in my screen shot I cannot do any role mapping with the default roles provided in Prism Central.<\/p>
\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

I have to create new roles. However, when I duplicate the role \u201cSuper admin\u201d I get the message you posted above (Copied 82 of 96 permissions from role\u2026.). So I just need a API reference page to show me how to create the roles with the API.\u00a0<\/p>

\u00a0<\/p>

\"//www.jhbzcj.com/next/installation-configuration-23/\"<\/figure>

With the above image you can see that I can map my AD users and groups to a new role I have created. However the new role is not the same as the default super admin role because of the missing 14 permissions.\u00a0<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

阿罗纳
秩
UserLevel 6
徽章 +5

我为延迟表示歉意。感谢您提供详细信息。我能够复制这个问题。只是确保我不会错过任何东西。会回到你身边。

My apologies for the delay. Thank you for providing the details. I was able to reproduce the issue. Just making sure that I am not missing anything. Will get back to you.<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
阿罗纳
秩
UserLevel 6
徽章 +5

您可以记录Nutanix支持请求吗?我相信这是一个错误,当与客户案件直接相关时,工程案例将受到更多关注。请让我知道,如果您记录了支持案例,请从您那里获取案例号。

Are you able to log a Nutanix Support request?\u00a0 I believe this is a bug and an Engineering case will have more attention when it is directly associated with a customer case. Let me know if you log a support case, please, and I will grab the case number from you.<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
s
徽章 +1

我已经记录了一个案例,我的案件号是:00889500

I have logged a case and my case number is: 00889500<\/p>","quoteUsername":"skeeter","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
条款和条件
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu