forked from pivotal-cf/docs-pcf-install
platform-operators.html.md.erb
---
title: Pivotal Platform Operators
owners: CAPI, Identity
---
This topic describes the roles and permissions of the operator user type in a <%= vars.product_name %> deployment.
## <a id="overview"></a> Overview
There are various user types in a <%= vars.product_name %> deployment. Roles are assigned categories that define more specifically the functions that a user can perform. For more information about user types in <%= vars.product_name %>, see [User Accounts and Communications](../adminguide/user-accounts-index.html).
Operators are users who run a <%= vars.product_name %> deployment and have admin privileges. Operators are also referred to as <%= vars.product_name %> Ops Manager admins and runtime admins because they perform an admin role within these contexts.
## <a id="operator-tools-tasks"></a> Operator Tools and Tasks
Operators fulfill system admin roles covering the entire <%= vars.product_name %> deployment. They work primarily with their IaaS and Ops Manager to configure and maintain <%= vars.product_name %> runtime component VMs. The component VMs support the VMs that host apps.
Typical operator tasks include:
* Deploying and configuring Ops Manager, <%= vars.product_name %> runtimes, and other product and service tiles.
* Maintaining and upgrading <%= vars.product_name %> deployments.
* Creating user accounts for <%= vars.product_name %> users and the orgs that the users work within.
* Creating service plans that define the access granted to end users.
## <a id="operator-accounts"></a> Operator User Accounts
When Ops Manager starts up for the first time, the operator specifies one of the following authentication systems for operator user accounts:
* Internal authentication, using a new UAA database that Ops Manager creates.
* External authentication, through an existing identity provider accessed through the SAML protocol.
The operator can then use the UAA CLI (UAAC) to create more operator accounts. For more information, see [Creating and Managing Ops Manager User and Client Accounts](https://docs.pivotal.io/platform/<%= vars.current_major_version.sub('.', '-') %>/customizing/opsman-users.html).
## <a id='table'></a> Operator Roles and Permissions
The following table summarizes the <%= vars.product_name %> operator user type, including their roles, the tools they use, the System of Record (SOR) that stores their accounts, and the accounts that they can provision.
<table id='users-summary' border='1' class='nice'>
<col width="20%">
<col width="20%">
<col width="20%">
<col width="20%">
<col width="20%">
<tr>
<th>User Type</th>
<th>Available Roles</th>
<th>Tools They Use</th>
<th>Account SOR</th>
<th>Accounts They Can Provision</th>
</tr><tr>
<td>Operator</td>
<td>
<ul>
<li>
UAA Admin
</li>
<li>
SSO Plan Admin
</li>
<li>
Other system admins
</li>
</ul>
</td>
<td>
<ul>
<li>
IaaS UI
</li>
<li>
PivNet
</li>
<li>
Ops Manager
</li>
<li>
Cloud Foundry CLI (cf CLI)
</li>
<li>
UAA CLI (UAAC)
</li>
<li>
SSO Dashboard
</li>
<li>
Marketplace
</li>
</ul>
</td>
<td>
Ops Manager user store through UAA<br>
<i>or</i><br>
External store through SAML</td>
<td>Operators and <%= vars.product_name %> runtime users</td>
</tr>
</table>