# Rubrik Permissions and Organisations

### Rubrik Permissions

Under the configuration of tenants, there is the capability to use both `Global` or a Rubrik Organisation; this allows the restriction under RBAC to restrict and permit actions in Rubrik using Rubrik Organisations. These steps are outlined entirely in the User Guide - `Chapter 4 - Multitenant Organizations`.&#x20;

During the Organisation Name and Users Phase, specify a name preferably, the tenant name and during Users, add a local/domain user as **Organisation Administrator** but untick: Create SLA, Manage Hosts and Manage Users. Org Admin is required to be able to see all resources that the Org has permission to see.

![](https://4095106604-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhZl1ijzJsQtWdyQE3k%2F-LkyBfS-RgdhciiHmDwA%2F-LkyCNxGYWaBNbblD_WV%2FScreenshot%202019-07-29%20at%2015.48.53.png?alt=media\&token=e1860416-2dea-4eb0-bd99-271fcec7cb4a)

For the vCloud Director Plugin, the recommendation would be to consider the following when setting up the Organisation.

#### Permit based on vCloud Director Organisation or VDC

When configuring the Organisation, access can be granted to any level in the hierarchy within Cloud Director:

* Cloud Director Cell
* Cloud Director Organisation
* Cloud Director Organisation VDC

This allows permissions to all objects at each of these hierarchal points

![](https://4095106604-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhZl1ijzJsQtWdyQE3k%2F-Li9DKnEwIZh5xYQUxdC%2F-Li9EXjroM250hi8Engu%2FScreenshot%202019-06-24%20at%2017.06.13.png?alt=media\&token=b44b0be4-369f-4012-b700-aa773fd87a06)

#### CDM 5.1.2 Specific Permissions

With additional RBAC control with CDM 5.1.2, permissions now need to be specified to allow instant recovery and exports.

Within the vCD View, we need to specify the Target vCD Organizations the Rubrik Organization has permission to restore into. Select the tab **Target vCD Organizations** and here we need to grant the vCD Cell, Org or VDC you wish to grant permissions that allow the users to restore into. For example:

![](https://4095106604-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhZl1ijzJsQtWdyQE3k%2F-M3CybkApA9Mq7C7nKec%2F-M3CzrWHUXcqcJar7dVp%2Fimage.png?alt=media\&token=d0864fe5-5e1d-4bc7-b7a3-41e9bbc045c3)

#### vApp VM Folder Permissions

Since vApps are logical containers, consideration should be taken when permitting the folder created within the vCentre so that VM level actions can be performed, such as File/Folder Restore. This appears in a similar hierarchy to the vCD Components:

* vCenter
* Host
* Folder
* Individual VMs

Cloud Director creates us a folder for all VMs, we can permission the specific folder for this organisation:

![](https://4095106604-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhZl1ijzJsQtWdyQE3k%2F-Li9DKnEwIZh5xYQUxdC%2F-Li9EsqupM6tWzm_fMgZ%2FScreenshot%202019-06-24%20at%2017.08.50.png?alt=media\&token=41f690e5-6611-4112-a1ce-b49c7e8fb958)

#### SLA Permissions (Organization)

Finally, we can then assign permissions to define which SLAs are available through the Cloud Director plugin. This is on the next page inside the Organization configuration:

![](https://4095106604-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhZl1ijzJsQtWdyQE3k%2F-Li9DKnEwIZh5xYQUxdC%2F-Li9FRNGtzRSLiTNJA-Z%2FScreenshot%202019-06-24%20at%2017.11.15.png?alt=media\&token=e582d0a1-c9a4-4e07-a0cd-5db150361876)

#### Using Direct Permissions (No Organizations)

The alternative to this is to use `Global` which requires the user account in Rubrik to be setup using `Manage Authorization` with the `End-User` role. You can see this in the `Users` section in Rubrik CDM:

![](https://4095106604-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhZl1ijzJsQtWdyQE3k%2F-Li9FUM76W1upokNOmA5%2F-Li9G17wLAQFR5j1N5y2%2FScreenshot%202019-06-24%20at%2017.13.06.png?alt=media\&token=bba1f2d5-2ca8-4694-94b4-cfe6e5f3fc5f)

Using `Manage Authorization` we can provide specific permissions:

![](https://4095106604-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhZl1ijzJsQtWdyQE3k%2F-Li9FUM76W1upokNOmA5%2F-Li9G7-T2oytYeW4t_Jb%2FScreenshot%202019-06-24%20at%2017.13.45.png?alt=media\&token=1a7312a5-d141-46ef-9cfd-1a7056b0caee)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://rubrik.gitbook.io/vcd-extension-for-rubrik/user-guide/rubrik-permissions-and-organisations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.