Unable to see identity providers in vRA 7.0.x

I have seen a weird issue which seems to have come along in vRA 7.0.1, to do with roles and authorization. In my environment I have delegated the Tenant Administrator role to an Active Directory group, named ‘vRA-TenantAdmins’, of which my user account is a member. This shows when I look at my user account through ‘Users and Groups’ (the square rather than a tick indicates this permission is implicit):

Roles_1

Now, I can do the stuff a Tenant Administrator should be able to do, with some weird exceptions. For example, when I try to look at what directories have been added to vIDM, the interface just hangs at refreshing the list of directories:

Dir_Hanging

And the same when I look at identity providers:

Provider_hanging

And I can’t do login screen branding (although header and footer branding works fine!):

branding_fail

I smashed my face off this problem for a few hours, but it turns out the fix was fairly simple (although this should be unnecessary). If I go to my account again, under ‘Users and Groups’, and add my account explicitly to the ‘Tenant Administrator’ role, then the functionality all mysteriously works.

Roles_2

This is pretty annoying, as I want to do Role Based Access Control (RBAC), using Active Directory to control access for user accounts. Hopefully this will be fixed in the next release of vRealize Automation, and I hope this post helps people seeing the same obscure behaviour I did.
