Skip to main content

How to enforce Day2 Action Policy in vRA 8.x

It's bit different when compared to vRA 7.x versions. If you do not have any Day 2 Action policies defined, then no governance is applied and all users have access to all the actions by default in vRA 8.x.Okay, let see this with an example

By default all the deployments/machines are entitled with all actions for all users in the organization


Once you a define Day 2 Action policy it goes into effect for specified users of vRA service broker and Cloud assembly. As a result, only the users for whom the first policy is true can run the selected actions. All others are excluded.

I have created a Day2 Action policy to change deployment lease and create snapshot of cloud machine for Administrator user in the entire organization(includes all projects in the organization).


As you can see below I logged in with an project administrator user and I am entitled with enforced Day2 action created and this will be applied for existing deployment as well.


When I logged as a project member user as below I am not entitled for any Day2 actions


Hope this gives an idea of how day2 action policy works in vRA 8.x.

Labels:

Comments

Post a Comment

Popular posts from this blog

Deleting stale kubernetes clusters in vCD

Unlike the previous version the CSE 4.x is a stateless appliance and its data is stored in VMware Cloud Director Database.  The cluster creation and deletion compared with CSE 3.x version has improved. Besides, there are some scenarios where the cluster deletion is failing even when the "Force Delete" option is chosen. We can use vCD API explorer to delete it, the following are the API queries you can execute  Under definedEntity POST /1.0.0/entities/{id}/resolve DELETE /1.0.0/entities/{id}
Post a Comment
Read more

Building My First AI Chatbot with Azure OpenAI Services

In April 2024, I embarked on an exciting journey into the world of artificial intelligence (AI), starting with learning Python. Coming from an infrastructure-focused background, diving into AI development felt like a monumental shift. Without prior coding experience, I realized that building AI tools or training models from scratch would require a long-term commitment. However, I was determined to take small, practical steps toward understanding this fascinating field. Exploring cloud AI services from providers like AWS and Azure led me to Azure OpenAI services. This platform showed me how AI could be leveraged to create applications— like chatbots—without deep coding expertise. I was especially intrigued by concepts such as indexing, semantic search, and retrieval-augmented generation (RAG). These tools enabled me to build my first business use case: a Microsoft Teams chatbot designed to resolve internal queries and reduce dependency on subject matter experts (SMEs). This blog is a s...
Post a Comment
Read more

Manage RabbitMQ using VCP LCM

I have been working in vCD for quite some time, and most of the implementation engineers or consultants faced issues during the deployment or upgrade of RabbitMQ for the vCD message queuing service. From vCD 10.2.2, we can use the built-in MQTT client instead of RabbitMQ however, for VCD multisite configuration or some 3rd party applications need RabbitMQ, such as Veeam or VMware HCX. Using the VCP LCM, we can create a new RabbitMQ environment or manage an existing environment. The reason for this blog is that none of the VMware documentation has the information that registering an existing RMQ instance is only going to work if the RMQ instance was previously deployed by the VCP LCM (or at least, if it is a similar setup based on a Bitnami RMQ VM). Other RMQ instances (e.g., running in CentOS) are not supported and cannot be imported into the VCP LCM 1.5. I hope this information will be useful for someone who is performing green field deployment or upgrading an existing setup. ...
Post a Comment
Read more