VAO controls access to its functionality with the help of scopes. A scope defines what operations users can perform and what range of data is available to them in the VAO UI.
For a scope, you can:
- Assign user roles to users from that scope. A user role limits the number of operations available in the VAO UI to users with that role.
There are two user roles that can be assigned to users and user groups working with the VAO UI: Administrator and Plan Author. For the role descriptions, see the Veeam Availability Orchestrator Deployment Guide, section Roles.
VAO already provides one out-of-the-box Default scope. If you want to provide more granular permissions to users managing resources of the VAO server, you can create a new scope. However, you will be able to assign only the Plan Author role to users added to the scope.
Plan Authors in the Default scope have additional privileges compared to users in scopes that you create manually (for example, they can edit and run any plan for any other scope).
- Limit the number of plan components available in the VAO UI to users from that scope. Plan components are then used to create orchestration plans.
- Navigate to Plan Components.
- Follow the instructions provided in sections Managing VM Groups, Managing Recovery Locations, Configuring Plan Steps, Managing Credentials, Connecting DataLabs and Editing Template Jobs.