Skip to main content

How to enforce Day2 Action Policy in vRA 8.x

It's bit different when compared to vRA 7.x versions. If you do not have any Day 2 Action policies defined, then no governance is applied and all users have access to all the actions by default in vRA 8.x.Okay, let see this with an example

By default all the deployments/machines are entitled with all actions for all users in the organization


Once you a define Day 2 Action policy it goes into effect for specified users of vRA service broker and Cloud assembly. As a result, only the users for whom the first policy is true can run the selected actions. All others are excluded.

I have created a Day2 Action policy to change deployment lease and create snapshot of cloud machine for Administrator user in the entire organization(includes all projects in the organization).


As you can see below I logged in with an project administrator user and I am entitled with enforced Day2 action created and this will be applied for existing deployment as well.


When I logged as a project member user as below I am not entitled for any Day2 actions


Hope this gives an idea of how day2 action policy works in vRA 8.x.

Labels:

Comments

Post a Comment

Popular posts from this blog

Deleting stale kubernetes clusters in vCD

Unlike the previous version the CSE 4.x is a stateless appliance and its data is stored in VMware Cloud Director Database.  The cluster creation and deletion compared with CSE 3.x version has improved. Besides, there are some scenarios where the cluster deletion is failing even when the "Force Delete" option is chosen. We can use vCD API explorer to delete it, the following are the API queries you can execute  Under definedEntity POST /1.0.0/entities/{id}/resolve DELETE /1.0.0/entities/{id}
Post a Comment
Read more

Manage RabbitMQ using VCP LCM

I have been working in vCD for quite some time, and most of the implementation engineers or consultants faced issues during the deployment or upgrade of RabbitMQ for the vCD message queuing service. From vCD 10.2.2, we can use the built-in MQTT client instead of RabbitMQ however, for VCD multisite configuration or some 3rd party applications need RabbitMQ, such as Veeam or VMware HCX. Using the VCP LCM, we can create a new RabbitMQ environment or manage an existing environment. The reason for this blog is that none of the VMware documentation has the information that registering an existing RMQ instance is only going to work if the RMQ instance was previously deployed by the VCP LCM (or at least, if it is a similar setup based on a Bitnami RMQ VM). Other RMQ instances (e.g., running in CentOS) are not supported and cannot be imported into the VCP LCM 1.5. I hope this information will be useful for someone who is performing green field deployment or upgrading an existing setup.  
Post a Comment
Read more