Escalate CloudSimple privileges to perform administrative functions in Private Cloud vCenter
The CloudSimple privileges approach is designed to give vCenter users the privileges they need to perform normal operations. In some instances, a user may require additional privileges to perform a particular task. You can escalate the privileges of a vCenter SSO user for a limited period.
Reasons for escalating privileges can include the following:
- Configuration of identity sources
- User management
- Deletion of a distributed port group
- Installing vCenter solutions (such as backup apps)
- Creating service accounts
Actions taken in the escalated privileged state can adversely impact your system and can cause your system to become unavailable. Perform only the necessary actions during the escalation period.
How privilege escalation works
From the CloudSimple portal, escalate privileges for the CloudOwner local user on the vCenter SSO. You can escalate a remote user's privileges only if an additional identity provider is configured on vCenter. Escalating privileges adds the selected user to the vSphere built-in Administrators group. Only one user can have escalated privileges at a time. If you need to escalate another user's privileges, first de-escalate the privileges of the current user.
Users from additional identity sources must be added as members of the CloudOwner group.
During the escalation period, CloudSimple uses automated monitoring with associated alert notifications to identify any inadvertent changes to the environment.
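The rules above (escalation means membership in the built-in Administrators group, only one escalated user at a time, remote users must belong to the CloudOwner group, and escalation lasts a limited period) can be checked against a snapshot of SSO group membership. The following is an added example, not CloudSimple code; the account names, the `vsphere.example` SSO domain, the baseline member set, the escalation record and the four-hour window are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

def audit_escalation(admin_members, cloudowner_members, baseline, local_domain,
                     escalated_since, now, max_window):
    """Return findings for one snapshot of vCenter SSO group membership.

    baseline        -- accounts expected in Administrators when nobody is escalated (assumption)
    escalated_since -- operator-kept record: user -> time escalation was requested (assumption)
    max_window      -- longest escalation the operator accepts (assumption)
    """
    lower = lambda names: {n.lower() for n in names}
    admins, owners, base = lower(admin_members), lower(cloudowner_members), lower(baseline)
    since = {u.lower(): t for u, t in escalated_since.items()}
    findings = []
    # Anyone in Administrators beyond the baseline is currently escalated.
    escalated = sorted(admins - base)
    if len(escalated) > 1:
        findings.append(("multiple-escalated", escalated))
    for user in escalated:
        domain = user.rsplit("@", 1)[-1]
        # Users from an additional identity source must be CloudOwner group members.
        if domain != local_domain.lower() and user not in owners:
            findings.append(("remote-user-not-in-cloudowner", [user]))
        started = since.get(user)
        if started is None:
            # Membership exists with no matching escalation request on record.
            findings.append(("no-escalation-record", [user]))
        elif now - started > max_window:
            findings.append(("escalation-overdue", [user]))
    return findings

# Constructed sample data (not taken from a real environment).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
BASELINE = {"administrator@vsphere.example"}
OWNERS = {"cloudowner@vsphere.example"}
SAMPLE_ADMINS = {"Administrator@vsphere.example", "cloudowner@vsphere.example",
                 "jdoe@corp.example"}
SAMPLE_RECORD = {"cloudowner@vsphere.example": NOW - timedelta(minutes=30)}

def run_sample():
    return audit_escalation(SAMPLE_ADMINS, OWNERS, BASELINE, "vsphere.example",
                            SAMPLE_RECORD, NOW, timedelta(hours=4))

if __name__ == "__main__":
    for rule, users in run_sample():
        print(rule, ", ".join(users))
```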