Use external application access settings to gain access to internal
components such as the virtual manager, compute nodes, and storage controllers.
Before you begin
You must be assigned the Hardware administration role with permission to Manage hardware resources (Full permission) to perform these steps.
About this task
An external application represents a set of users that grant access to internal components such
as the virtual manager, compute nodes, and storage controllers.
You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.
Procedure
- Click .
- Expand External Application Access Settings.
- To create an external application, click Create. This opens a dialog for
creating the external application.
- Specify the Name to uniquely identify the external application.
- Select one of the following options from the Access Scope list to
indicate whether permissions are applied to all Virtual Manager resources or only those resources
for selected cloud groups. For monitoring purposes, you should choose the smallest access scope that is sufficient. If
external applications will be deploying and managing virtual machines, you should select
Cloud Groups and only select cloud groups of type Virtual
Manager. Performing actions on resources from regular cloud groups can interfere with
correct management of these resources by the system.
  - Cloud groups: Select one or more cloud groups from the list.
  - Everything: All Virtual Manager resources such as compute nodes and hosts are included in this scope selection.
- Select one of the available options from the Virtual Manager Privilege
Set list to grant a set of privileges for Virtual Manager resources.
  - Default: Allows typical deployment operations.
  - Read Only: Limited privileges for monitoring purposes.
  - IBM Spectrum Protect for Virtual Environments: A subset of the Default privilege set with only the privileges required by IBM Spectrum Protect for Virtual Environments.
  - IBM Spectrum Protect Data Mover - Backup and Recovery Role: A subset of the Default privilege set with only the privileges required for performing backup and recovery operations with IBM Spectrum Protect.
  - IBM Spectrum Protect Data Mover - Backup Role: A subset of the Default privilege set with only the privileges required for performing backup operations with IBM Spectrum Protect.
Tip: The Default privilege set and all privilege sets related to
IBM Spectrum Protect include privileges for the IBM Data Protection extension, but these privileges
cannot be applied until the extension has been installed. You can create a temporary external
application for installation of the extension, and then create new external applications that will
be able to use the IBM Data Protection extension.
- Select Grant Compute Nodes Access to create external users for
compute nodes. When Grant Compute Nodes Access is checked, the Access Scope determines whether
users are created for all compute nodes or only for those compute nodes that belong to the selected
cloud groups. For example, access users are created for all compute nodes if
Everything is selected for Access Scope and
Grant Compute Nodes Access is checked. Access users are created for only
those compute nodes that belong to the selected cloud groups if Cloud Groups
is selected for Access Scope and Grant Compute Nodes
Access is checked.
- Select Grant Storage Access to indicate whether external users are
created for access to storage controllers.
- To delete an external application, click Delete in the
Actions column.
- To view the list of external users, click Show details in the
Actions column.
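
The scope and privilege guidance in the procedure can be checked before the settings are entered in the dialog. The following is an added example, not product code: the record fields (purpose, access_scope, and so on), the cloud group names, and their types are a hypothetical format constructed for this review and are not the CLI or REST API schema.

```python
# Added example. The record fields below are a hypothetical format constructed
# for this review; they are not the product's CLI or REST API schema.

def review(app, cloud_group_types):
    """Return findings for one planned external application (a dict)."""
    findings = []
    scope = app["access_scope"]
    groups = app.get("cloud_groups", [])
    if scope == "Cloud Groups" and not groups:
        findings.append("Cloud Groups scope selected but no cloud group listed")
    if app["purpose"] == "monitoring":
        if app["privilege_set"] != "Read Only":
            findings.append("monitoring only needs the Read Only privilege set")
        if scope == "Everything":
            findings.append("check whether a Cloud Groups scope is sufficient")
    if app["purpose"] == "deployment":
        if scope != "Cloud Groups":
            findings.append("deploying applications should use the Cloud Groups scope")
        for group in groups:
            if cloud_group_types.get(group) != "Virtual Manager":
                findings.append(f"cloud group {group!r} is not of type Virtual Manager")
    if app.get("grant_compute_nodes_access") and scope == "Everything":
        findings.append("access users will be created for all compute nodes")
    return findings

# Constructed sample data: cloud group names, types and applications are invented.
CLOUD_GROUP_TYPES = {"vm-group-1": "Virtual Manager", "prod-group": "regular"}
PLANNED = [
    {"name": "monitoring-tool", "purpose": "monitoring", "access_scope": "Everything",
     "privilege_set": "Default", "grant_compute_nodes_access": True},
    {"name": "vm-deployer", "purpose": "deployment", "access_scope": "Cloud Groups",
     "cloud_groups": ["vm-group-1", "prod-group"], "privilege_set": "Default"},
    {"name": "ro-monitor", "purpose": "monitoring", "access_scope": "Cloud Groups",
     "cloud_groups": ["vm-group-1"], "privilege_set": "Read Only"},
]

if __name__ == "__main__":
    for app in PLANNED:
        for finding in review(app, CLOUD_GROUP_TYPES) or ["no findings"]:
            print(f"{app['name']}: {finding}")
```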