When deciding which permissions to grant a user or a group, the following may come in handy.
Nutanix user accounts can be created or updated as needed using the Prism web console. The accounts can be local or pulled from Active Directory or LDAP servers.
On top of that, Prism Central provides a third authentication method – SAML authentication. Users can authenticate through a qualified identity provider when SAML support is enabled for Prism Central. The Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between two parties: ADFS as the identity provider (IdP) and Prism Central as the service provider.
Once the account has been created, it must be assigned a role. There are three options in Prism Element:
- User Administrator – allows the user to view information, perform any administrative task, and create or modify user accounts.
- Cluster Administrator – allows the user to view information and perform any administrative task (but not create or modify user accounts).
- Viewer – allows the user to view information only; does not provide permission to perform cluster or user administrative tasks. Does not allow the user to launch the VM console.
Prism Central includes a wider range of predefined roles. If the built-in roles are not sufficient for your needs, you can create one or more custom roles (AHV only).
Role | Privileges |
---|---|
Super Admin | Full administrator privileges |
Prism Admin | Full administrator privileges except for creating or modifying the user accounts |
Prism Viewer | View-only privileges |
Self-Service Admin | Manages all cloud-oriented resources and services. Note: This is the only cloud administration role available. |
Project Admin | Manages cloud objects (roles, VMs, Apps, Marketplace) belonging to a project. Note: You can specify a role for a user when you assign a user to a project, so individual users or groups can have different roles in the same project. |
Developer | Develops, troubleshoots, and tests applications in a project |
Consumer | Accesses the applications and blueprints in a project |
Operator | Accesses the applications in a project |
For more information, as well as instructions on how to configure and modify the options, please refer to the guides below: