Data Management for VMware Tanzu uses roles and responsibilities to determine what actions a user can perform in a DMS installation.
User Roles
Data Management for VMware Tanzu pre-defines these three user roles:
- Provider Administrator
- Organization Administrator
- Organization User
Provider Roles
Data Management for VMware Tanzu defines a single provider role named Provider Administrator. This role manages the Data Management for VMware Tanzu installation. A user acting in the Provider Administrator role is a member of the Provider organization.
The Provider Administrator credentials are established during deployment of the Provider VM. Among other tasks, users in this role can import additional Provider Administrator users, create organizations, and create and import organization users.
Organization Roles
The Provider Administrator user assigns a role to each Data Management for VMware Tanzu user that they create or import in an organization.
A user that is assigned the Organization Administrator role can manage all services in the organization to which they belong. A user assigned the Organization User can manage only the services that they provision.
Roles and Their Responsibilities
Each Data Management for VMware Tanzu role has a default set of responsibilities as described in the table below.
| Responsibility | Provider Administrator | Organization Administrator | Organization User |
|---|---|---|---|
| Deploy Provider VM | ✓ | ||
| Monitor Provider VM | ✓ | ||
| Deploy Agent VM | ✓ | ||
| Onboard Cluster with Data Management for VMware Tanzu | ✓ | ||
| Share Infrastructure | ✓ | ||
| Onboard/Delete Infrastructure | ✓ | ✓ | |
| View/Monitor Infrastructure | ✓ | ✓ | ✓ |
| Manage Organizations | ✓ | ||
| Manage Users | ✓ | ||
| Manage Templates | ✓ | ||
| Manage Instance Plans | ✓ | ||
| Manage DMS Installation Settings (LDAP, SMTP, others) | ✓ | ||
| Manage SSL/TLS Certificates for the DMS Console | ✓ | ||
| Manage the Root CA for an Organization | ✓ | ||
| Provision Service Instances | ✓ | ✓ | |
| Manage Service Instances | ✓ | ✓ | |
| View/Monitor Service Instance | ✓ | ✓ | ✓ |
| Manage SSL/TLS Certificates for all Service Instances Provisioned in the Organization | ✓ | ||
| Manage SSL/TLS Certificates for my Service Instances | ✓ | ✓ | |
| Manage SSH Access to Service Instances | ✓ | ✓ | ✓ |
| Manage VM Operations (Clone, Power Off/On) on a Service Instance | ✓ | ✓ | |
| Manage Database Operations (DB Options, SSL/TLS, Resource Scaling, Extend Disk) on a Service Instance | ✓ | ✓ | |
| Manage Service Instance Read Replicas | ✓ | ✓ | |
| Manage Service Instance Backups | ✓ | ✓ |
