Dell APEX Cloud Platform for Microsoft Azure Security Configuration Guide
Authorization
Authorization is a critical component of any security model for a product. Authorization describes what a user is allowed to do within a system.
The following table provides the key concepts and terminology:
| Active Directory Domain Server | Description |
|---|---|
| Role | A role allows you to assign permissions to an object based on the tasks that users perform. Example an Admin or a Management role. |
| Permission |
A permission grants a user or group privileges for a specific object. A permission triplet consists of:
|
Role Based Access Control
APEX Cloud Platform Manager relies on the Active Directory Domain Services Role Based Access Control (RBAC) model.
After deployment, you can add users to the following groups to permit access to the management of the cluster:
- Domain Admins (Built-In AD Group)
- <Prefix>-OpsAdmin (New Group Created During Deployment)
From AD with LDAPs, you can manage APEX Cloud Platform users through groups that are assigned to roles in Active Directory Domain Server. The APEX Cloud Platform API also uses the same Active Directory Domain Server RBAC mechanism. Any API requests are sent to Active Directory for authentication, and authorization are based on their Active Directory Domain Server permissions.
User role definition
The following roles are available for each component:
| Component | User ID | Roles |
|---|---|---|
| iDRAC | root | Admin |
| iDRAC | vxpsvc | Admin |
| AD | Customer defined | Management |
| APEX Cloud Platform Manager | root | Admin |
| APEX Cloud Platform Manager | service | user |
| APEX Cloud Platform Manager | mystic | user |
| Node | Administrator (After you deploy the cluster, change to ASBuiltinAdmin). | Admin |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\