I connect PC to Active Directory with LDAPS and use it with Administration → Project and Roles.
I assign roles to projects and projects to Active Directory groups and assign the project to VMs with “manage ownership” on the VM.
You can also go to the Administration → Roles page, select a role and go to “Manage Assignment”.
Hey osburnm,
First things first, welcome to Nutanix world.
Running the native Nutanix hypervisor, AHV, implies that you do not have or need vCenter or any other third-party management console. vCenter and SCVMM are only necessary when deploying ESXi or Hyper-V respectively.
Security guide AOS 5.18: Controlling User Access (RBAC) is a place to begin with regard to permissions.
From the guide:
You can specify various user/entity relationships when configuring the role assignment. To illustrate, in the following example the first line assigns the my_custom_role to a single user (ssp_admin) for two VMs (normal_vm and test_andrey). The second line assigns the role to two users (locus1 and locus2) for a single category (4gcC1Z). The third line again assigns the role to the user locus1 but this time for all subnets.

In terms of organizing the environment, PC operates with categories, which give you flexibility to group entities however you like, be it geographically, by apps, or both by associating with more than one category. This labeling can be done to VMs, images, blueprints, clusters, etc.
More on categories: Prism Central Guide: Category Management.
I hope this is helpful.
Let me know if you have further questions, please.
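
The three role assignments described in the guide excerpt above, written out as a small Python model that reports which users each scope kind (explicit entities, a category, all entities of a type) reaches. This is an added example, not Nutanix code or the Prism Central API; the `Entity`/`Assignment` classes and the `db_vm`, `other_vm` and `vlan10` inventory entries are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entity:
    kind: str                              # "vm", "subnet", ...
    name: str
    categories: frozenset = frozenset()    # category labels attached to the entity

@dataclass(frozen=True)
class Assignment:
    role: str
    users: frozenset
    kind: str = ""                         # entity type for explicit / all-of-type scopes
    names: frozenset = frozenset()         # explicit entity names
    category: str = ""                     # category scope
    all_of_kind: bool = False              # every entity of `kind`

    def covers(self, entity):
        if self.category:
            return self.category in entity.categories
        if entity.kind != self.kind:
            return False
        return self.all_of_kind or entity.name in self.names

# The three lines described in the guide excerpt.
ASSIGNMENTS = [
    Assignment("my_custom_role", frozenset({"ssp_admin"}), kind="vm",
               names=frozenset({"normal_vm", "test_andrey"})),
    Assignment("my_custom_role", frozenset({"locus1", "locus2"}), category="4gcC1Z"),
    Assignment("my_custom_role", frozenset({"locus1"}), kind="subnet", all_of_kind=True),
]

def who_can_reach(entity, assignments=ASSIGNMENTS):
    """Return {user: sorted roles} for every user whose assignment covers the entity."""
    result = {}
    for a in assignments:
        if a.covers(entity):
            for user in a.users:
                result.setdefault(user, set()).add(a.role)
    return {u: sorted(r) for u, r in sorted(result.items())}

if __name__ == "__main__":
    # Constructed inventory for the audit.
    inventory = [
        Entity("vm", "normal_vm"),
        Entity("vm", "db_vm", frozenset({"4gcC1Z"})),
        Entity("vm", "other_vm"),
        Entity("subnet", "vlan10"),
    ]
    for e in inventory:
        print(f"{e.kind}/{e.name}: {who_can_reach(e) or 'no role assignment'}")
```

In this model, attaching the `4gcC1Z` label to `normal_vm` adds `locus1` and `locus2` to its result without any assignment being edited, which is why category membership belongs in an access review alongside the assignments themselves.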