Configuring external application access

Use external application access settings to gain access to internal components such as the virtual manager, compute nodes, and storage controllers.

Before you begin

You must be assigned the Hardware administration role with permission to Manage hardware resources (Full permission) to perform these steps.

About this task

An external application represents a set of users that grant access to internal components such as the virtual manager, compute nodes, and storage controllers.

You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.

Procedure

  1. Click System > System Settings.
  2. Expand External Application Access Settings.
  3. To create an external application, click Create. This opens a dialog for creating the external application.
    1. Specify the Name to uniquely identify the external application.
    2. Select one of the following options from the Access Scope list to indicate whether permissions are applied to all Virtual Manager resources or only to the resources of selected cloud groups. For monitoring purposes, choose the smallest access scope that is sufficient. If external applications will be deploying and managing virtual machines, select Cloud Groups and select only cloud groups of type Virtual Manager. Performing actions on resources from regular cloud groups can interfere with the system's correct management of these resources.
      Cloud groups
        Select one or more cloud groups from the list.
      Everything
        All Virtual Manager resources such as compute nodes and hosts are included in this scope selection.
    3. Select one of the available options from the Virtual Manager Privilege Set list to grant a set of privileges for Virtual Manager resources.
      Default
        Allows typical deployment operations.
      Read Only
        Limited privileges for monitoring purposes.
      IBM Spectrum Protect for Virtual Environments
        A subset of the Default privilege set with only the privileges required by IBM Spectrum Protect for Virtual Environments.
      IBM Spectrum Protect Data Mover - Backup and Recovery Role
        A subset of the Default privilege set with only the privileges required for performing backup and recovery operations with IBM Spectrum Protect.
      IBM Spectrum Protect Data Mover - Backup Role
        A subset of the Default privilege set with only the privileges required for performing backup operations with IBM Spectrum Protect.
      Tip: The Default privilege set and all privilege sets related to IBM Spectrum Protect include privileges for the IBM Data Protection extension, but these privileges cannot be applied until the extension has been installed. You can create a temporary external application for installation of the extension, and then create new external applications that will be able to use the IBM Data Protection extension.
    4. Select Grant Compute Nodes Access to create external users for compute nodes. When Grant Compute Nodes Access is checked, the Access Scope selection determines whether users are created for all compute nodes or only for the compute nodes that belong to the selected cloud groups. For example, access users are created for all compute nodes if Everything is selected for Access Scope and Grant Compute Nodes Access is checked. Access users are created for only those compute nodes that belong to the selected cloud groups if Cloud Groups is selected for Access Scope and Grant Compute Nodes Access is checked.
    5. Select Grant Storage Access to indicate whether external users are created for access to storage controllers.
  4. To delete an external application, click Delete in the Actions column.
  5. To view the list of external users, click Show details in the Actions column.
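
The scope guidance in step 3 can be checked before any external application is created. The following is an added example, not product code or part of the original documentation: the PlannedApp record, its field names, the "purpose" value, the cloud group names and the "regular" type label are assumptions used to write down the planned dialog values for review.

```python
from dataclasses import dataclass, field

@dataclass
class PlannedApp:
    # Hypothetical record of the dialog values; not the product's schema.
    name: str
    purpose: str               # reviewer's stated intent: "monitoring" or "deployment"
    access_scope: str          # "Cloud Groups" or "Everything"
    privilege_set: str
    cloud_groups: list = field(default_factory=list)
    compute_nodes_access: bool = False

def review(app, group_types):
    """Return findings for one planned application, per the step 3 guidance."""
    findings = []
    if app.access_scope == "Cloud Groups":
        if not app.cloud_groups:
            findings.append("Cloud Groups scope with no cloud group selected")
        if app.purpose == "deployment":
            # Deploying applications should only touch Virtual Manager cloud groups.
            for g in app.cloud_groups:
                if group_types.get(g) != "Virtual Manager":
                    findings.append(f"cloud group {g!r} is not of type Virtual Manager")
    elif app.access_scope == "Everything":
        if app.purpose == "deployment":
            findings.append("deployment application should use Cloud Groups scope")
        else:
            findings.append("confirm Everything is the smallest sufficient scope")
        if app.compute_nodes_access:
            findings.append("users will be created on all compute nodes")
    else:
        findings.append(f"unknown access scope {app.access_scope!r}")
    if app.purpose == "monitoring" and app.privilege_set != "Read Only":
        findings.append("monitoring application has more than Read Only privileges")
    return findings

# Constructed sample data (assumed names and types).
GROUP_TYPES = {"vm-cg-01": "Virtual Manager", "prod-cg-01": "regular"}
PLANS = [
    PlannedApp("monitor-a", "monitoring", "Cloud Groups", "Read Only", ["prod-cg-01"]),
    PlannedApp("deployer-b", "deployment", "Cloud Groups", "Default",
               ["vm-cg-01", "prod-cg-01"], True),
    PlannedApp("deployer-c", "deployment", "Everything", "Default", [], True),
]

if __name__ == "__main__":
    for plan in PLANS:
        for finding in review(plan, GROUP_TYPES) or ["ok"]:
            print(f"{plan.name}: {finding}")
```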