Cluster RBAC | Nutanix Community

The Cluster role-based access control (RBAC) feature, also called Enhanced Prism Central RBAC, provides “Prism Admin” and “Prism Viewer” role-based access to Prism Central, with access restricted to one or more AOS clusters registered to Prism Central. With Cluster RBAC, a Prism Central admin or viewer user can access Prism Central and view and act on entities such as VMs, hosts, and containers from the allowed AOS clusters. These users can also perform the “Launch Prism Element” action on the allowed AOS clusters and manage each cluster with the respective Prism Admin or Prism Viewer access.

 

Enabling cluster RBAC

 

Pre-checks

  1. Verify that the Prism Central version and the AHV cluster version are supported.

  2. The AOS cluster where Prism Central is deployed must be registered to the Prism Central.

  3. CMSP must be enabled.

  4. Identity and Access Management (IAM) is automatically enabled as part of CMSP enablement.

  5. The prerequisites for CMSP and IAM also apply to cluster RBAC.

 

Procedure

 

  1. Connect to the Prism Central VM using SSH.

  2. Edit the “/home/nutanix/config/prism/prism-properties.json” configuration file.

  3. Restart the Prism service: “allssh genesis stop prism && cluster start”

  4. Verify that the cluster RBAC feature is enabled: “zkls /appliance/logical/prism”

  5. This configuration remains persistent over Prism Central VM reboot; however, the configuration is lost after an upgrade.
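
Because the setting does not survive an upgrade, it helps to keep a copy of the edited prism-properties.json and compare it with the live file afterwards, and to check a hand edit for JSON syntax errors before restarting Prism. The following is an added example, not Nutanix code: the key names are placeholders (the page does not state the real setting), the sample JSON is constructed, and the function names are hypothetical.

```python
import json
import sys

# Constructed samples. The key names are placeholders: the real setting name
# comes from the "Configure cluster RBAC" document, not from this example.
BASELINE = '{"PLACEHOLDER_CLUSTER_RBAC_SETTING": true, "PLACEHOLDER_OTHER": {"level": 2}}'
AFTER_UPGRADE = '{"PLACEHOLDER_OTHER": {"level": 2}}'
BROKEN_EDIT = '{"PLACEHOLDER_CLUSTER_RBAC_SETTING": true,}'


def syntax_error(text):
    """Return None if text is valid JSON, else a 'line N: reason' string."""
    try:
        json.loads(text)
        return None
    except json.JSONDecodeError as exc:
        return f"line {exc.lineno}: {exc.msg}"


def flatten(obj, prefix=""):
    """Turn nested JSON objects into {'a.b': value}; lists stay as leaf values."""
    if not isinstance(obj, dict):
        return {prefix: obj}
    flat = {}
    for key, value in obj.items():
        flat.update(flatten(value, f"{prefix}.{key}" if prefix else key))
    return flat


def config_drift(baseline_text, current_text):
    """List (path, status) for baseline settings missing or changed in current."""
    baseline = flatten(json.loads(baseline_text))
    current = flatten(json.loads(current_text))
    drift = []
    for path in sorted(baseline):
        if path not in current:
            drift.append((path, "missing"))
        elif current[path] != baseline[path]:
            drift.append((path, "changed"))
    return drift


if __name__ == "__main__":
    # With two file arguments, compare a saved baseline against the live file.
    if len(sys.argv) == 3:
        BASELINE, AFTER_UPGRADE = (open(p).read() for p in sys.argv[1:3])
    for path, status in config_drift(BASELINE, AFTER_UPGRADE):
        print(f"{status}: {path}")
    print("broken edit ->", syntax_error(BROKEN_EDIT))
```

Run it with the saved copy and the live file as its two arguments after each upgrade; any "missing" line means the edit from step 2 has to be reapplied.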

 

For more details on configuring Cluster RBAC, refer to Configure cluster RBAC.