---
title: Platform Operators
owners: CAPI, Identity
---
This topic describes the roles and permissions of the operator user type in <%= vars.platform_name %> and <%= vars.app_runtime_full %> (<%= vars.app_runtime_abbr %>) deployments.
## <a id="overview"></a> Overview
There are various user types in <%= vars.platform_name %> and <%= vars.app_runtime_abbr %> deployments. Roles are assigned categories that define more specifically the functions that a user can perform. For more information about user types in <%= vars.app_runtime_abbr %>, see [User Accounts and Communications](../adminguide/user-accounts-index.html).
Operators are users who run a deployment and have admin privileges. Operators are also referred to as Ops Manager admins and runtime admins because they perform an admin role within these contexts.
## <a id="operator-tools-tasks"></a> Operator Tools and Tasks
Operators fulfill system admin roles covering the entire deployment. They work primarily with their IaaS and Ops Manager to configure and maintain <%= vars.app_runtime_abbr %> runtime component VMs. The component VMs support the VMs that host apps.
Typical operator tasks include:
* Deploying and configuring Ops Manager, runtimes, and other product and service tiles.
* Maintaining and upgrading <%= vars.app_runtime_abbr %> deployments.
* Creating user accounts for <%= vars.app_runtime_abbr %> users and the orgs that the users work within.
* Creating service plans that define the access granted to end users.
## <a id="operator-accounts"></a> Operator User Accounts
When Ops Manager starts up for the first time, the operator specifies one of the following authentication systems for operator user accounts:
* Internal authentication, using a new UAA database that Ops Manager creates.
* External authentication, through an existing identity provider accessed through the SAML protocol.
The operator can then use the UAA CLI (UAAC) to create more operator accounts. For more information, see [Creating and Managing Ops Manager User and Client Accounts](https://docs.pivotal.io/platform/<%= vars.current_major_version.sub('.', '-') %>/customizing/opsman-users.html).
## <a id='table'></a> Operator Roles and Permissions
The following table summarizes the operator user type, including the roles available to operators, the tools they use, the System of Record (SOR) that stores their accounts, and the accounts that they can provision.
<table id='users-summary' border='1' class='nice'>
<col width="20%">
<col width="20%">
<col width="20%">
<col width="20%">
<col width="20%">
<tr>
<th>User Type</th>
<th>Available Roles</th>
<th>Tools They Use</th>
<th>Account SOR</th>
<th>Accounts They Can Provision</th>
</tr><tr>
<td>Operator</td>
<td>
<ul>
<li>
UAA Admin
</li>
<li>
SSO Plan Admin
</li>
<li>
Other system admins
</li>
</ul>
</td>
<td>
<ul>
<li>
IaaS UI
</li>
<li>
VMware Tanzu Network
</li>
<li>
Ops Manager
</li>
<li>
Cloud Foundry CLI (cf CLI)
</li>
<li>
UAA CLI (UAAC)
</li>
<li>
SSO Dashboard
</li>
<li>
Marketplace
</li>
</ul>
</td>
<td>
Ops Manager user store through UAA<br>
<i>or</i><br>
External store through SAML</td>
<td>Operators and <%= vars.app_runtime_abbr %> runtime users</td>
</tr>
</table>