B.0 Roles and Permissions

PlateSpin Transformation Manager provides role-based access control to restrict access in the Web Interface to authorized users. It associates permissions with roles rather than with individual users and groups. A role grants a user or group the authority to perform specific actions in the Web Interface. Permissions determine the various job functions that the role can perform. Roles in the Web Interface include the following:

System Administrator
Project Manager
Project Architect
Migration Specialist
Dashboard Viewer

Users and groups have no permissions in Transformation Manager except those you grant through the roles you assign them. Because members of a group automatically inherit the role assignments for the group, you can assign appropriate roles to groups to simplify the management of user authorizations. You can easily move users in and out of various groups to assign roles to them.

The scope of responsibility for each project role depends on the level of the role assignment: system, organization, project, wave, or batch. Only system users can be assigned roles at the system level or to multiple organizations.

The roles and permissions matrixes identify the various actions and access control permissions that users and groups have based on their assigned roles.

User Roles

Table B-1 Legend for the Roles and Permissions Matrixes

Column Heading	User or Role	Description
NA	Network Administrator	An IT administrator who has sufficient permissions and authority in the data center to install and configure the PlateSpin Transformation Manager Appliance. After the initial setup, this user (or another designated IT member) monitors and manages the appliance by logging in to the Appliance Management tool with either of the following appliance user identities: vaadmin root
SA	System Administrator role	Any Transformation Manager system user who is a member of the Administrators group.
PM	Project Manager role	A Transformation Manager user who is assigned the Project Manager role.
PA	Project Architect role	A Transformation Manager user who is assigned to the Project Architect role.
MS	Migration Specialist role	A Transformation Manager user who is assigned to the Migration Specialist role.
DV	Dashboard Viewer role	A Transformation Manager user who is assigned to the Dashboard Viewer role.

Annotations

N No

Y Yes

Y^U Restricted to user’s own user account.

Y^A Restricted to the projects assigned to the user.

Y^N Restricted to non-Administrator groups.

Roles and Permissions Matrixes

Table B-2 Roles and Permissions for the Appliance and Application

Tasks and Actions			NA	SA	PM	PA	MS	DV
Appliance Installation and Setup
	Download software		Y	N	N	N	N	N
	Prepare VM Environment
		Hypervisor Host	Y	N	N	N	N	N
		Network	Y	N	N	N	N	N
		External Storage	Y	N	N	N	N	N
	Install VM		Y	N	N	N	N	N
	Configure VM (vaadmin or root)
		Modify VM Settings	Y	N	N	N	N	N
		Monitor VM (Ganglia metrics and reports)	Y	N	N	N	N	N
		Add System Administrator User	Y	N	N	N	N	N
		Change Password for System Administrator User	Y	N	N	N	N	N
	Upgrade VM		Y	N	N	N	N	N
	License Key/Blocks (Customer Center account owner)		Y	N	N	N	N	N
Web Interface Configuration
	Licenses
		Add license key	N	Y	N	N	N	N
		Edit license key	N	Y	N	N	N	N
		Remove license key	N	Y	N	N	N	N
		View active license key and unused blocks	N	Y	N	N	N	N
	Operating Systems
		Create	N	Y	N	N	N	N
		Edit	N	Y	N	N	N	N
		Delete	N	Y	N	N	N	N
		View	N	Y	N	N	N	N

Table B-3 Roles and Permissions for User Management

Tasks and Actions			SA	PM	PA	MS	DV
Users
	Organizations
		Create	Y	N	N	N	N
		Edit	Y	N	N	N	N
		Delete	Y	N	N	N	N
		View	Y	Y^U	Y^U	N	N
	Users
		Create	Y	Y	N	N	N
		Edit	Y	Y^U	Y^U	Y^U	Y^U
		Delete (except the last member of the Administrators group)	Y	Y	N	N	N
		View	Y	Y	Y	Y	N
		Change password	Y	Y^U	Y^U	Y^U	Y^U
	Groups
		Create	Y	Y^N	N	N	N
		Edit	Y	Y^N	N	N	N
		Delete (except the Administrators group)	Y	Y^N	N	N	N
		View	Y	Y^N	Y^N	N	N
Role-Based Access Control (who can assign roles)
	System Administrator Role (Administrators Group)
		Add members	Y	N	N	N	N
		Remove members (except the last member)	Y	N	N	N	N
		View members	Y	N	N	N	N
	Project Manager Role
		Add	Y	N	N	N	N
		Remove	Y	N	N	N	N
	Project Architect Role
		Add	Y	Y	N	N	N
		Remove	Y	Y	N	N	N
	Migration Specialist Role
		Add	Y	Y	Y	N	N
		Remove	Y	Y	Y	N	N
	Dashboard Viewer Role
		Add	Y	Y	N	N	N
		Remove	Y	Y	N	N	N

Table B-4 Roles and Permissions for Transformation Management

Tasks and Actions			SA	PM	PA	MS	DV
Dashboard
	View Warning and Error Statistics		Y	N	N	N	N
	View Transformation Statistics		Y	Y^A	Y^A	Y^A	Y^A
Planning
	Projects
		View	Y	Y^A	Y^A	Y^A	Y^A
		Create	Y	Y^A	N	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	N	N	N
	Waves
		View	Y	Y^A	Y^A	Y^A	Y^A
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Batches
		View	Y	Y^A	Y^A	Y^A	Y^A
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Applications
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Workloads
		View	Y	Y^A	Y^A	N	N
		Bulk Import	Y	Y^A	Y^A	N	N
		Bulk Edit	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Bulk Status Change	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Transformations
		View	Y	Y^A	Y^A	Y^A	N
		View Statistics	Y	Y^A	Y^A	Y^A	Y^A
		Submit	Y	Y^A	Y^A	N	N
		Withdraw	Y	Y^A	Y^A	N	N
		Bulk Status Change	Y	Y^A	Y^A	Y^A	N
		Execute Transformation	Y	N	Y^A	Y^A	N
Resources
	Credentials
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Hosts (Source)
		View	Y	Y^A	Y^A	Y^A	N
		Delete	Y	Y^A	Y^A	N	N
	Hosts (Target)
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Networks (Source)
		View	Y	Y^A	Y^A	Y^A	N
		Delete	Y	Y^A	Y^A	N	N
	Networks (Target)
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Datastores (Source)
		View	Y	Y^A	Y^A	Y^A	N
		Delete	Y	Y^A	Y^A	N	N
	Datastores (Target)
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Environments
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Migration Servers
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N
	Resource Pools
		View	Y	Y^A	Y^A	Y^A	N
		Create	Y	Y^A	Y^A	N	N
		Edit	Y	Y^A	Y^A	N	N
		Delete	Y	Y^A	Y^A	N	N