Ask: Feature request to allow restore scope of Nutanix to be at the category level vs. cluster level to allow more granularity of scope to tenant/Organization.
Current this is what is available for restore scope:
Using VMware as an example:
Impact: Working with a customer they currently have about 800 restore events a year and would like to provide restore capability for the organizations they support so that workload doesn't fall to them. This feature would enable them to lock down the scope to just those VMs that fall into the specific categories tied to each organization.
@jason.berry we definitely have plans for more granular RBAC roles in the future for Nutanix. I cannot guarantee they will be exposed via Enterprise Manager however.
We would be interested in the development of this as well. Our customers use our platform for IaaS and having granular control over what customers can backup and manage would be essential.
@allan_asi since we opened up Prism Central support attaching RBAC roles to PC elements has become a hot topic to say the least. I will update this thread as I'm able
We've gotten used to organizing VM with the tags in vmware, and now we do the same with categories in Nutanix. So I'm hoping to see EM and Veeam ONE be able to work with the Nutanix categories everywhere.
Although this is less directly related to Enterprise Manager, the overall objective is the same.
We have a large customer with approximately 25 TV stations/sites (amongst other corp. DCs). They are migrating from VMware to Nutanix AHV and want to deploy a centralized Prism Central instance. The goal is to create separate accounts in Prism Central, each with only the permissions required for a single site or TV station.
These limited-scope Prism Central accounts would then be used by each site’s dedicated VBR server. The intent is to limit blast exposure in the event an account was compromised.
Is it possible to create a Prism Central account that provides only the administrative access required by VBR for a single cluster? This way each site would have the same Prism Central added but only access to the local cluster. This would allow them the ability to leverage AHV Categories as they do VMware Tags today.
