Customizing access for managing hybrid workloads

In this tutorial, you customize how a Power Virtual Server administrator can view and access an account with on-premises and off-premises environments. In this scenario, a retail company wants to run their core business logic on IBM Power Virtual Server on-premises and run front-end services on IBM Cloud.

Create a trusted profile for the Power Virtual Server administrator to grant them consistent access across on-premises and cloud environments and tailor their platform experience to their job role.

Before you begin

Make sure that you are logged in as the account owner or as a user with the Administrator role on all account management services or the Administrator role on the IAM Identity service. For more information, see IAM Identity service.

Create a trusted profile

The primary focus of the Power Virtual Server administrator is to help ensure that the underlying infrastructure, both cloud and on-premises, runs smoothly and is secure, scalable, and available for other teams.

Complete the following steps:

  1. In the IBM Cloud console, click Manage > Access (IAM) > Trusted profiles and click Create.
  2. Enter the profile name PowerVS Admin and the initials PA.
  3. Enter a description for the profile, like "Full access to deploy, configure, and manage virtual servers, storage, and networking components in both on-premises and cloud environments."
  4. Select a color to represent this trusted profile and click Continue. Your users might have access to multiple trusted profiles in multiple accounts, and the color helps them tell the profiles apart.
  5. Select Individual users and select the Power Virtual Server administrators that need access. Then, click Add to profile.

Assign access

To set up IBM Power Virtual Server Private Cloud and manage Power Virtual Server instances across on-premises and cloud environments, the Power Virtual Server administrator needs the following roles and services:

  1. Click Continue and select Access policy.
  2. Select the following role and service:
    • Service: Workspace for Power Virtual Server
    • Resources: All resources
    • Roles and actions: Administrator
  3. Click Add.

To optimize and monitor resources after the infrastructure is in place, the Power Virtual Server administrator needs the following access:

  1. Select the following role and service:
    • Service: IBM Cloud Monitoring
    • Resources: All resources
    • Roles and actions: Editor
  2. Click Add.
  3. Click Create.
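
An added example, not part of the IBM documentation: a Python check that compares a trusted profile's access policies with the two assignments above and reports any drift. The policy dictionaries are constructed samples in the IAM policy JSON shape, and the service names `power-iaas` and `sysdig-monitor` are assumed identifiers for the two services named in the steps.

```python
# Expected access from the tutorial, keyed by IAM service name.
# Assumption: "power-iaas" and "sysdig-monitor" are the service names behind
# "Workspace for Power Virtual Server" and "IBM Cloud Monitoring".
EXPECTED = {"power-iaas": {"Administrator"}, "sysdig-monitor": {"Editor"}}

def summarize(policy):
    """Return (service, role names) for one IAM-style access policy."""
    attrs = {a["name"]: a["value"]
             for r in policy["resources"] for a in r["attributes"]}
    # The role name is the last segment of the role CRN.
    roles = {r["role_id"].rsplit(":", 1)[-1] for r in policy["roles"]}
    service = attrs.get("serviceName") or attrs.get("serviceType") or "*"
    return service, roles

def audit(policies):
    """Compare a profile's policies with EXPECTED; return sorted findings."""
    findings, seen = [], {}
    for p in policies:
        service, roles = summarize(p)
        if service not in EXPECTED:
            findings.append(f"unexpected service: {service} {sorted(roles)}")
            continue
        extra = roles - EXPECTED[service]
        if extra:
            findings.append(f"extra roles on {service}: {sorted(extra)}")
        seen.setdefault(service, set()).update(roles)
    for service, roles in EXPECTED.items():
        missing = roles - seen.get(service, set())
        if missing:
            findings.append(f"missing on {service}: {sorted(missing)}")
    return sorted(findings)

def policy(role, **attrs):
    """Build a constructed sample policy (not real account data)."""
    return {"type": "access",
            "roles": [{"role_id": f"crn:v1:bluemix:public:iam::::role:{role}"}],
            "resources": [{"attributes": [{"name": k, "value": v}
                                          for k, v in attrs.items()]}]}

# Constructed inputs: the profile as the tutorial configures it, and the same
# profile after someone adds Administrator on account management services.
AS_DOCUMENTED = [policy("Administrator", serviceName="power-iaas"),
                 policy("Editor", serviceName="sysdig-monitor")]
DRIFTED = AS_DOCUMENTED + [policy("Administrator", serviceType="platform_service")]

if __name__ == "__main__":
    print(audit(AS_DOCUMENTED))
    print(audit(DRIFTED))
```

To audit a real profile, feed `audit` the policy list exported for that profile instead of the constructed samples.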

You might also create a trusted profile for an AIX administrator. This job role needs Viewer access to Power Virtual Server to get SSH ports to connect to instances and to see whether a resource is up, but doesn't need to create VSIs.

Customize the console

After you click Create, you can customize the console experience for the trusted profile.

  1. Click Console experience.
  2. Select the URL for the landing page and input the Power Virtual Server dashboard URL: https://cloud.ibm.com/power/overview.
  3. Deselect the Manage navigation items. The Power Virtual Server administrator in this example doesn't need to manage account settings, access, or billing. Removing these menu items helps users complete tasks specific to their job role.
  4. Select the private catalog that you created in Setting up catalogs and locations for hybrid workloads. This way, the Power Virtual Server administrator can provision only resources that they have access to from the curated list of services that you created.
  5. Click Save.

Next steps

Now that access is set up for the Power Virtual Server administrator, prepare your data center and order IBM Power Virtual Server Private Cloud. For more information, see Ordering on-premises infrastructure for your hybrid cloud.