Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/wavefrontHQ/docs into mar…
Browse files Browse the repository at this point in the history 
…i-rebranding

# Conflicts:
#	pages/doc/csp_invite-AoA-users_tutorial.md
#	pages/doc/csp_user_management.md
  • Loading branch information
@mmihaylovam
mmihaylovam committed Apr 15, 2024
2 parents ec15e6a + 761da56 commit ce0448e
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 35 deletions.
73 changes: 40 additions & 33 deletions pages/doc/csp_invite-AoA-users_tutorial.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ keywords:
tags: [tutorials]
sidebar: doc_sidebar
permalink: csp_new_users_tutorial.html
summary: Learn how to invite new users to Tanzu Observability (formerly known as VMware Aria Operations for Applications) through the VMware Cloud Services Console.
summary: Learn how to invite new users to VMware Tanzu Observability (formerly known as VMware Aria Operations for Applications) through the VMware Cloud Services Console.
---

Starting July 3, 2023, Tanzu Observability is a service on the VMware Cloud services platform. After this date, we support two types of subscriptions:
Expand All @@ -22,15 +22,20 @@ To invite users, you must have the VMware Cloud **Organization Owner** or **Orga

## Roles to Assign

When you invite new users, you must assign them:
To invite new users, you assign them:

* A role within the VMware Cloud organization, such as **Organization Administrator**, **Organization Owner**, or **Organization Member**.
* A role within the VMware Cloud organization, such as **Organization Administrator**, **Organization Owner**, or **Organization Member**. See [What organization roles are available in VMware Cloud services](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-C11D3AAC-267C-4F16-A0E3-3EDF286EBE53.html) in the VMware Cloud services documentation.

Note that you can assign the **Organization Owner** role to another user only if you have the **Organization Owner** role.

* A role within the Tanzu Observability service instance.
* A role within the Tanzu Observability service instance. We provide a number of [Tanzu Observability service roles](csp_users_roles.html#tanzu-observability-service-roles-built-in).

Note that in a multi-tenant Tanzu Observability environment, you must specify the service instance (tenant) for which you want to assign the service role. You can assign different service roles for different service instances (tenants). You invite the users only to the tenants for which you assigned them service roles.

* Optionally, a custom role created in the VMware Cloud organization. [Custom roles](csp_users_roles.html#create-edit-or-delete-a-custom-role) are composed of different service permissions.

Note that a custom role with a Tanzu Observability permission applies only if the user has at least one Tanzu Observability service role. In a multi-tenant Tanzu Observability environment, custom roles apply to all service instances (tenants) for which the user has at least one Tanzu Observability service role.

Optionally, you can also assign a custom role created in the VMware Cloud organization. Custom roles are composed of different service permissions.

## Verify That You Have the Required Organization Role

Expand All @@ -52,9 +57,10 @@ VMware Cloud uses organizations to provide controlled access to one or more serv
1. Click your username and click **My Account**.
2. On the **My Roles** tab you can see what organization roles are assigned to you.

If do not have the VMware Cloud **Organization Owner** or **Organization Administrator** role assigned, you need to request them. To understand who the VMware Cloud **Organization Owner** or **Organization Administrator** users are, you can chat with VMware Support or file a VMware Cloud services support request. See [How do I get support](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-E4DC731F-C039-4FB2-949E-9A61584CD5BF.html) in the VMware Cloud services product documentation.
If you do not have the VMware Cloud **Organization Owner** or **Organization Administrator** role assigned, you need to request them. To understand who the VMware Cloud **Organization Owner** or **Organization Administrator** users are, you can chat with our Technical Support team or file a VMware Cloud services support request. See [How do I get support](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-E4DC731F-C039-4FB2-949E-9A61584CD5BF.html) in the VMware Cloud services product documentation.


## Invite a New User and Assign Service Roles Only
## Example 1: Invite a New User and Assign Service Roles

We provide a number of built-in Tanzu Observability service roles.

Expand All @@ -73,23 +79,26 @@ For more information, see [Tanzu Observability Roles (Built-in)](csp_users_roles

### Step 2: Assign Roles and Invite the User

In a multi-tenant environment, you can assign different service roles for each Tanzu Observability instance. Let's first assign the mandatory organization role and then we will assign different service roles for two Tanzu Observability instances.
In a multi-tenant environment, you assign service roles on a tenant basis. You can assign different service roles for different Tanzu Observability instances (tenants). Lets first assign the mandatory organization role and then assign different service roles for two Tanzu Observability instances.

1. Select a mandatory organization role to assign.
1. Under **Assign Organization Roles**, select a mandatory organization role to assign.

The **Organization Member** role is selected by default and is the minimum mandatory role to assign.

You can also assign an additional role. For example, **Support User**. This means that the user will have read-only access to the VMware Cloud organization resources and will be able to submit and manage support tickets. For information about the VMware Cloud organization roles, see [What Organization roles are available in VMware Cloud Services](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-C11D3AAC-267C-4F16-A0E3-3EDF286EBE53.html).
You can also assign an additional role, for example, **Support User**. This means that the user will have read-only access to the VMware Cloud organization resources and will be able to submit and manage support tickets. For information about the VMware Cloud organization roles, see [What Organization roles are available in VMware Cloud Services](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-C11D3AAC-267C-4F16-A0E3-3EDF286EBE53.html).

![A screenshot with the Organization Member role, selected by default and the Support user additional role selected.](images/csp-mandatory-roles.png)

2. Assign Tanzu Observability service roles for the first Tanzu Observability instance.
1. Click **Add a Service**.
1. From the drop-down menu, select **Tanzu Observability**.
2. Assign Tanzu Observability service roles for the first Tanzu Observability instance (tenant) to which you want to invite the new user.
1. Under **Assign Service Roles**, click **Add a Service**.
1. From the first drop-down menu, select **VMware Tanzu Observability**.
![A screenshot with the Tanzu Observability service selected.](images/csp-select-service.png)
1. From the **in** drop-down menu, select the service instance to which you want to invite the new user.
1. From the **in** drop-down menu, select the target service instance (tenant).
![A screenshot with the Tanzu Observability service instance selected.](images/csp-select-aoa-service.png)
1. Assign the service roles to the user.

{% include note.html content="This drop-down menu is available only for multi-tenant environments. If you want to grant access to all tenants, you must assign service roles for each tenant individually (see the next Step 3). If you miss selecting the target service instance, the users receive the `401 Unauthorized: User has no access to service` error message when trying to access that tenant."%}

1. From the **with roles** drop-down menu, select the service roles to assign for the selected service instance (tenant).

Let's say that the user you're inviting will:

Expand All @@ -103,28 +112,28 @@ In a multi-tenant environment, you can assign different service roles for each T
![A screenshot with the Tanzu Observability roles selected.](images/csp-assign-service-roles.png)
1. Leave the never expires access field as is.

3. Assign the **Super Admin** service role for another Tanzu Observability instance.
3. Assign another Tanzu Observability service role for the second Tanzu Observability instance (tenant) to which you want to invite the new user.

1. Click **+ Add an Instance**.
1. From the **in** drop-down menu, select the other service instance to which you want to invite the new user.
1. From the **in** drop-down menu, select the target service instance (tenant).
![A screenshot with the Tanzu Observability service instance selected.](images/csp-select-another-service.png)
1. Assign the **Super Admin** service role to the user.
1. From the **with roles** drop-down menu, select the **Super Admin** service role, so that you grant full administrative privileges for the selected service instance.

![A screenshot with the Tanzu Observability roles selected.](images/csp-assign-superadmin-service-role.png)
1. Leave the never expires access field as is.
4. Leave the **Send emails to all invited users notifying them of this role assignment** selected and click **Add**.

The invitations you send are valid for seven days. You can view the status of the invitation by expanding **Identity & Access Management** and then clicking **Pending Invitations**.

## Invite a New User and Assign a Custom Role
## Example 2: Invite a New User and Assign a Custom Role

If you have created custom roles and want to assign custom roles to a user, you must make sure that you assign:

* A mandatory organization role
* At least one service role, for example **Viewer**
* The custom roles of interest

Custom roles work only in combination with service roles. The Tanzu Observability permissions in a custom role apply to all service instances (tenants) for which the user has at least one Tanzu Observability service role.
Custom roles work only in combination with service roles. In a multi-tenant environment, the Tanzu Observability permissions in a custom role apply to all service instances (tenants) for which the user has at least one Tanzu Observability service role.

### Step 1: Enter the New User Details

Expand All @@ -136,29 +145,27 @@ Custom roles work only in combination with service roles. The Tanzu Observabilit

### Step 2: Assign the Roles and Invite the User

Let's assign **Organization Administrator** as a mandatory organization role, then assign the **Viewer** service role to one tenant and the **Ingestion Policies** role to another tenant. After that we will assign the custom role.
Let's assign **Organization Administrator** as a mandatory organization role, then assign the **Viewer** service role for one tenant and the **Ingestion Policies** service role for another tenant. After that, we assign the custom role and it applies to the two tenants for which the user has service roles.

1. Under mandatory roles, select the **Organization Administrator** role.
1. Under **Assign Organization Roles**, select the **Organization Administrator** role.

![A screenshot with the Organization Administrator role selected.](images/csp-assign-org-admin.png)

2. Assign the **Viewer** service role for a specific Tanzu Observability service instance.
1. Click **Add a Service**.
1. From the drop-down menu, select **Tanzu Observability**.
2. Assign the **Viewer** service role for the first Tanzu Observability service instance (tenant) to which you want to invite the new user.
1. Under **Assign Service Roles**, click **Add a Service**.
1. From the first drop-down menu, select **VMware Tanzu Observability**.
![A screenshot with the Tanzu Observability service selected.](images/csp-select-service.png)
1. From the **in** drop-down menu, select the service instance to which you want to invite the new user and leave the **Viewer** service role selected so that you assign it to the user.
![A screenshot with the Tanzu Observability instance and the Viewer role selected.](images/csp-select-aoa-service-viewer.png)
1. From the **in** drop-down menu, select the target service instance (tenant) and leave the **Viewer** service role selected.
![A screenshot with the Tanzu Observability service instance and the Viewer role selected.](images/csp-select-aoa-service-viewer.png)
1. Leave the never expires access field as is.
3. Assign the **Ingestion Policies** service role for another Tanzu Observability service instance.
3. Assign the **Ingestion Policies** service role for the second Tanzu Observability service instance (tenant) to which you want to invite the new user.
1. Click **+Add an Instance**.
1. From the **in** drop-down menu, select the other service instance to which you want to invite the new user.
1. Select the **Ingestion Policies** service role to assign it to the user.
1. From the **in** drop-down menu, select the target service instance (tenant).
1. From the **with roles** drop-down menu, select the **Ingestion Policies** service role to assign it to the user for the selected tenant.
![A screenshot with the Tanzu Observability service instance and the Viewer and the Ingestion Policies service roles selected.](images/csp-assign-two-service-roles.png)
1. Leave the never expires access field as is.

3. Assign the custom role to the user.

The custom role is assigned for the already selected Tanzu Observability service instances.
3. Assign the custom role for the already selected Tanzu Observability service instances (tenants).

1. Click **+ Add Custom Roles Access**.
1. In the **Add custom role access** popup window, search for, select the custom role that you want to assign, and click **Add**.
Expand Down
6 changes: 4 additions & 2 deletions pages/doc/csp_user_management.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,16 @@ To add a user to your Tanzu Observability service instance, you must assign that

1. An [organization role](csp_getting_started.html#whats-a-vmware-cloud-organization-role) for the VMware Cloud organization running the service instance.

{% include note.html content="I you are a VMware Cloud **Organization Administrator**, you can assign only the VMware Cloud **Organization Member** role. Only a VMware Cloud **Organization Owner** can add VMware Cloud **Organization Owners** and VMware Cloud **Organization Administrators**."%}
{% include note.html content="If you are a VMware Cloud **Organization Administrator**, you can assign only the VMware Cloud **Organization Member** role. Only a VMware Cloud **Organization Owner** can add VMware Cloud **Organization Owners** and VMware Cloud **Organization Administrators**."%}

1. An [Tanzu Observability service role](csp_users_roles.html#tanzu-observability-service-roles-built-in) for the service instance.

You can assign a combination of service roles. For example, if the user that you want to invite will set up integrations, make sure that you assign that user both the **Integrations** and the **Proxies** service roles.

If you plan to assign that user a custom role, you must assign that user at least the **Viewer** Tanzu Observability service role, so that the user can access the service instance.

{% include note.html content="In a multi-tenant environment, you assign service roles on a tenant basis. You can assign different service roles for different Tanzu Observability instances (tenants). The users have access only to the tenants for which they have service roles. The users receive the `401 Unauthorized: User has no access to service` error message when trying to access a tenant for which they don't have service roles."%}

{% include important.html content="Make sure that you assign the [**Super Admin** service role](csp_users_roles.html#tanzu-observability-service-roles-built-in) to at least one user of your Tanzu Observability service instance. There are some Super Admin tasks that no one else can perform. "%}

1. Optionally, a [custom role](csp_users_roles.html#create-edit-or-delete-a-custom-role) with an [Tanzu Observability permission](csp_permissions_overview.html#tanzu-observability-permissions).
Expand All @@ -36,7 +38,7 @@ You can assign users with these roles in the following ways:

### Adding Users to Your Organization

When you are adding an individual user or a list of users to the VMware Cloud organization running the service instance, you must assign that users organization, service, and custom roles.
When you are adding an individual user or a list of users to the VMware Cloud organization running the service instance, you must assign that users organization roles. To grant the users access to the Tanzu Observability instance, you assign that users service roles. Optionally, you can also assign the users custom roles, which apply only in combination with service roles.

For details, see [How do I add users to my Organization](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-47AA313E-9DAC-447C-B6C8-DF71ED45B0D5.html).

Expand Down

0 comments on commit ce0448e

Please sign in to comment.