Management Packs vRealize Operations vRealize Suite

Creating a Custom Role for SQL DBAs with the Management Pack for Microsoft SQL Server

By: Greg Hohertz, Blue Medora

As you expand the reach of vRealize Operations Manager outside the realm of vSphere and down the stack into your compute, network and storage infrastructure and up the stack in databases, middleware, and applications, you’ll quickly find the need to create custom groups within vRealize Operations  to limit access to data by job role.

In this blog, we’ll create a custom group in vRealize Operations Manager for Microsoft SQL DBAs. By the end we’ll have a SQL DBA group within vRealize Operations that limits access to only the resources from the Blue Medora vROps Management Pack for Microsoft SQL Server. These same steps can be used to provide access control for other roles within your organization.

After logging in with an admin-privileged user, we’ll navigate to the User Groups tab in Access Control as shown in Figure 1.

image1

Figure 1 – Navigating to User Groups

Next, we click on the green plus symbol to create a new group. Enter a name for the new group, along with an optional description. Click Next.

image2

Figure 2 – Creating a group

Next, we’ll identify which users should be a member of this group. We can always add more users at a later time.

image3

Figure 3 – Adding users to the group

Then, we’ll select a role for this group.  We won’t delve into vRealize Operations Manager roles in this blog.  For this example, let’s use the built-in ReadOnly role for our SQL DBA’s — we don’t want them messing anything up!

image4

Figure 4 – Assigning roles to the group

Next, in the Objects tab, we will select the objects that this group will have access to.  For our SQL DBAs, I’ve given them access to our MS SQL Server Always On Availability, MS SQL Server Environment, and our VMware to SQL Server Object Hierarchies. This will allow them to see all of the resources in those inventory trees.

image5

Figure 5 – Giving access to objects

Next, click Finish. You’re done!

Now you have a SQL DBA group to grant your SQL DBAs access to only Microsoft SQL objects within vRealize Operations. These same steps can be used to grant access to other groups of users within your organization.