Overview
If the scopes and division of object types allowed by predefined realms does not enable you to meet permission critera, you can define custom realms and specify any selection of object types to include in each realm.
You can include any combination of the following object types in a custom realm:
Category | Object type | Enables access to (exact permissions depend on create/view/edit/delete permission type per manager/role) |
|---|---|---|
Support | ChallengeToken | Challenge token generation for unlocking the indestructibility mechanism for a short time. |
SupportBundle | Support bundles | |
Env | Environments, a type of system component that can be listed via REST API calls. | |
Module | Modules, a type of system component that can be listed via REST API calls. | |
CallhomeConfig | Callhome configuration | |
License | Licenses | |
Monitoring | Monitor | Analytics reports |
Events | Event | System events |
Alarm | Alarms | |
EventDefinition | Event definitions | |
EventDefinitionConfig | Global event configuration | |
Settings | Vms | VMS Settings |
Hardware | Switch | Switches |
NIC | NICs | |
Port | NIC Ports | |
PSU | PSUs | |
Carrier | SSD/SCM device slots | |
CBox | CBoxes | |
CNode | CNodes | |
DTray | DTrays (CERES DBox hardware component that carries DNodes) | |
DNode | DNodes | |
Rack | Cluster racks | |
SSD | SSDs | |
SubnetManager | Subnet manager, a network monitoring service that can be run on CNodes in a cluster with an Infiniband network, via CLI and REST API only, | |
Cluster | Cluster (includes global cluster actions such as upgrade) | |
NVRAM | SCM devices | |
DBox | DBoxes | |
Fan | Fans | |
Logical | Snapshot | Snapshots |
ViewPolicy | view policies | |
ProtectionPolicy | protection policies | |
View | view | |
ReplicationStream | Replication streams that belong to protected paths (each stream replicates from the source to a specific destination). | |
ProtectedPath | Protected paths | |
VIP | Virtual IPs | |
DNS | VAST DNS | |
ReplicationTarget | S3 replication peers (backup to S3) | |
S3LifeCycleRule | S3 Lifecycle rules | |
ReplicationRestorePoint | Restore points | |
QOSPolicy | QoS policies | |
GlobalSnapStream | Global snapshot clones | |
Quota | Quotas | |
VIPPool | VIP pools | |
NativeReplicationRemoteTarget | Replication peers | |
QuotaEntityInfo | Resources that provide details of all users and groups that wrote to quota directories. | |
UserQuota | User quotas | |
Security | Realm | User defined realms |
Role | Roles | |
ActiveDirectory | Active Directory | |
Tenant | Tenants | |
S3Policy | Identity policies | |
Indestructibility | Indestructibility | |
Ldap | LDAP | |
User | Users | |
NIS | NIS | |
Manager | Managers | |
Permission | Manager permissions | |
Group | Groups | |
Applications | CNodeGroup | CNode groups for applications managed through the Data Engine feature |
ManagedApplication, ManagedApplicationSet | Managed Applications (Data Engine) |
Viewing Custom Realms
To see which custom realms are already defined, navigate to the Realms page in the VAST Web UI. All custom realms are displayed in the list.
To list realms from the VAST CLI, use the realm list command.
Creating Realms
Creating Realms from the VAST Web UI
From the left navigation menu, select Administrators and then Realms to open the Realms page.
Click Create Realm.
In the Realm name field, enter a name for the realm.
Select the object types that you want to include in the realm.
The object types are organized under categories. Select a category to see a set of object types and then select each object type that you want to include or click Select all to select all of the object types in the category.
Click Add.
The new realm is created and appears in the list of realms.
Note
You can also create a realm from the Add/Update Manager dialog, by clicking Create New Realm, so that you can create and then assign the new realm to a manager.
Creating Realms from the VAST CLI
Use the realm create command.
Deleting Realms
Deleting Realms from the VAST Web UI
Right-click the realm and select Remove.
Click Yes to confirm the deletion.
Deleting Realms from theVAST CLI
Use the realm delete command.
Adding and Removing Object Types from Realms
To add and remove object types from realms from the VAST Web UI:
Right-click the realm and select Edit..
Change the selection of object types as needed and click Update.
To change the object type selection in the realm from the VAST CLI, use the realm assign and realm unassign commands.