VMware Aria Automation Tools

 View Only

  • 1.  VM Change Owner --> Multiple single user

    Posted Jul 14, 2023 07:34 AM

    Hi,

    we use the change owner feature to share VMs with colleagues and comply with data protection regulations at the same time.

    I am now getting more requests that colleagues would like to share a VM with multiple individual colleagues and not a defined group.

    Is there a way to do this that I am currently overlooking?

    Thanks in advance
    Christoph



  • 2.  RE: VM Change Owner --> Multiple single user

    Posted Jul 14, 2023 12:30 PM

    As we can see in the API, the "owner" property is for one value only.

    bdamian_0-1689337639191.png

    So you cannot set multiple users for a Deployment.

    However, if you want that multiple users can manage the Deployment, you could move it to a Project with the "Deployments are shared between all users in the project" option selected:

    bdamian_1-1689337775352.png

     

     



  • 3.  RE: VM Change Owner --> Multiple single user

    Posted Jul 14, 2023 01:17 PM

    Thank you for the quick reply

    unfortunately this is not an option due to the data protection laws we have to comply with.

    Unfortunately, an assignment to groups is difficult for us, because they are designed very dynamically.

    Does it make sense to create a feature request with vmware?



  • 4.  RE: VM Change Owner --> Multiple single user

    Posted Jul 15, 2023 03:11 PM

    You could also implement a method to change the owner when needed. Needs a little of work and scripting. Or create more projects and assign right to those projects based on ldap group. The latter is what i do at the moment. Just the problem is that you need to create some scripts to manange the projects and ad groups for creating and cleaning up.



  • 5.  RE: VM Change Owner --> Multiple single user

    Posted Jul 18, 2023 12:28 PM

    I can imagine others wanting something similar, so it can't hurt to submit a feature request.  But you may want to think through how you want it to work exactly.  Can any owner add another owner?  Can any owner remove another owner?  Should every "owner" be able to modify the deployment.  Should there be read-only owners?  Etc.  

     

    That said, I think you can automate it by creating projects on the fly with the users and then updating to use that new project (for example).  Or even creating a project per deployment and add/remove users as needed.  But that would be a decent amount of work and depending on the size of your environment, it could also get out of hand pretty quickly.  



  • 6.  RE: VM Change Owner --> Multiple single user

    Posted Aug 02, 2023 08:14 AM

    You can only apply one Owner to one Deployment. I have the same Problem here.

    My Workaround was, I create for each teams a Project and define access trough Member-Roles (AD-Groups), and Policys for action (Day 2 Actions/Power, Snapshot, Sizing, Delete etc.) and catalog-Items (Content Sharing/Deployments) for Members, DBA or Super-User.

    I think, the best way for us was to record everything and then create a role concept and then apply to vAA. Implementing the role concept was a bit tricky, as VAA has some difficulty mixing roles and AD groups with soft and hard policy.