RBAC: Creating a New Role
To get started:
From the app tray, click on Settings.
On the Settings page, navigate to ROLES.
Click CREATE ROLE.
From the Role Templates menu, select the Custom Role tile:
NOTE: When creating roles, you can expedite the process using one of the pre-defined role templates.
Type in the name Global VMware Admins in the Role Name field. Then, click on Configure in the Data Management tile:
Select the By Object Type tile, and then click the Next button:
NOTE: If broader permissions are required, or you want to define the role by one or more Rubrik clusters, you can use the By Cluster tile followed by the All Object Types tile.
For this exercise, we are going to create a role that specifically allows permission for vSphere virtual machines. From the Data Management - By Type wizard, select All Protectable Objects:
Click the Select specific vSphere objects radio button and Rubrik will populate vSphere virtual machines in the Rubrik deployment. This includes multiple clusters (A) and individual VMs, folders, ESXi clusters/hosts, and tags (B). Additionally, you can use the search capabilities to filter the results (C):
Since this is an RBAC role that incorporates all VMs in the deployment, select the radio button for Select all existing and future protectable vSphere objects and click the Done button:
Additionally, you can edit the recovery targets and individual privileges by selecting All Recovery Targets and Full Privileges. Let's take a peek at the granular permissions you can grant and revoke for the role by selecting Full Privileges:
From the sidebar, explore the individual permissions for the role, including how an Administrator can view, protect, recover, and manage the selected objects. Once you have explored these options, click the Done button:
Click the Next button to advance the Create Role wizard:
For Assign Datacenter Archival Locations, select NEXT.
From the SLA Domains window of the Create Role wizard, you can limit the permissions of the role to specific SLA Domains. For example, your organization may want to limit access to SLA Domains with unique configurations or compliance needs. For this lab, leave this setting with the default Select all existing and future SLA Domains and click the Done button:
Finally, you will be presented with a summary page that serves as a recap before you create your role. Click the Create button to complete the RBAC wizard:
NOTE: For a fuller context of the options in RBAC, if you define System Configuration or the Rubrik Application options, you would see a summary similar to this:
Once you return to Users and Roles, you will see your newly created role:
Now that we have our custom role created, you can apply it to users across the Rubrik deployment. An important distinction is that this role can be applied globally, taking advantage of the central control plane of the Rubrik Security Cloud architecture.
Let's explore how simple it is to apply the newly created role to a user!