Data Management for VMware Tanzu uses roles and responsibilities to determine what actions a user can perform in the installation.
User Roles
Data Management for VMware Tanzu pre-defines these three user roles:
- Provider Administrator
- Organization Administrator
- Organization User
Provider Roles
Data Management for VMware Tanzu defines a single provider role named Provider Administrator. This role manages the Data Management for VMware Tanzu installation. A user acting in the Provider Administrator role is a member of the Provider organization.
The Provider Administrator credentials are established during deployment of the Provider VM. Among other tasks, users in this role can:
- Import additional Organization Administrators and Organization Users.
- Create organizations.
- Create, view, update, and delete, Organization Administrators and Organization Users.
For more information, see Roles and Their Responsibilities.
Organization Roles
The Provider Administrator user assigns a role to each Data Management for VMware Tanzu user that they create or import in an organization.
A user that is assigned the Organization Administrator role can manage all services in the organization to which they belong. An Organization Administrator can:
- Create Organization Users for the organization of the Organization Administrator.
- View Organization Users and Organization Administrators that belong to the organization of the Organization Administrator along with the Provider Administrator.
- Update Organization Users that belong to the organization of the Organization Administrator. However, an Organization Administrator cannot upgrade an Organization User to an Organization Administrator role.
- Delete Organization Users that belong to the organization of the Organization Administrator.
Users that are assigned the role of Organization Users can manage only the services that they provision. An Organization User can only create, delete, and manage the databases that they create.
Roles and Their Responsibilities
Each Data Management for VMware Tanzu role has a default set of responsibilities as described in the following table:
| Responsibility | Provider Administrator | Organization Administrator | Organization User |
|---|---|---|---|
| Deploy Provider VM | ✓ | ||
| Monitor Provider VM | ✓ | ||
| Managing Provider VM Updates | ✓ | ||
| Deploy Agent VM | ✓ | ✓ | |
| Onboard Cluster with Data Management for VMware Tanzu | ✓ | ||
| Share Environment | ✓ | ||
| Onboard/Delete Environment | ✓ | ✓ | |
| View/Monitor Environment | ✓ | ✓ | ✓ |
| Manage Environment | ✓ | ✓ | |
| Manage Organizations | ✓ | ||
| Manage Users | ✓ | ✓ | |
| Manage Templates | ✓ | ||
| Manage Instance Plans | ✓ | ||
| Manage Data Management for VMware Tanzu Installation Settings (LDAP, SMTP, others) | ✓ | ||
| Manage SSL/TLS Certificates for the Data Management for VMware Tanzu Console | ✓ | ||
| Manage the Root CA for an Organization | ✓ | ✓ | |
| Provision database VMs | ✓ | ✓ | ✓ |
| Manage database VMs | ✓ | ✓ | ✓ |
| View/Monitor database VMs | ✓ | ✓ | ✓ |
| Manage SSL/TLS Certificates for all database VMs Provisioned in the Organization | ✓ | ✓ | |
| Manage SSL/TLS Certificates for my database VMs | ✓ | ✓ | ✓ |
| Manage SSH Access to database VMs | ✓ | ✓ | ✓ |
| Manage VM Operations (Clone, Power Off/On) on a database VM | ✓ | ✓ | ✓ |
| Activate or deactivate Email Notification | ✓ | ✓ | ✓ |
| Manage Database Maintenance Policy | ✓ | ✓ | ✓ |
| Manage Database VM Tags | ✓ | ✓ | ✓ |
| Generate Database VM Logs | ✓ | ✓ | ✓ |
| Manage Database Operations (DB Options, SSL/TLS, Resource Scaling, Extend Disk) on a database VM | ✓ | ✓ | ✓ |
| Change Database VM Ownership | ✓ | ✓ | |
| Manage Database VM Upgrades (OS and Database Engine) | ✓ | ✓ | ✓ |
| Manage Read Replicas Database VMs | ✓ | ✓ | ✓ |
| Manage Database Backups | ✓ | ✓ | ✓ |
| Recover Database VMs | ✓ | ✓ | ✓ |
For more information about user roles, see Provider Roles and Organization Roles.
