As an Automation Assembler administrator, you can create custom roles that define what users can see and do in VMware Aria Automation. You can then assign users to those roles.

Custom user role permissions

Using Automation Assembler, you can define more granular user roles and then assign users to those roles. The custom roles have two categories, view and manage.

  • View. A user assigned to a role with this permission can see all the items for all projects in the selected sections of the user interface. This role is useful for users who need to see accounts, configurations, or assigned values.
  • Manage. A user assigned to a role with this permission can see all the items and has full add, edit, and delete permissions for all projects in the selected sections of the user interface.

These permissions extend the privileges that are granted by the other roles and are not restricted by project membership. For example, you can expand a project administrator's permissions to manage parts of the infrastructure or give a service viewer an ability to review and respond to approvals requests.

How do I create custom user roles

To define the user roles and assign users, open Automation Assembler or Automation Service Broker as a service administrator. You cannot configure the custom roles in Automation Pipelines, however the roles apply to all the services.

  1. Select Infrastructure > Administration > Custom Roles.
  2. Click New Custom Role and enter a unique Name that you can identify when you assign users to the role.
  3. Select the check boxes that correspond to the permissions you want the users to have over the resources.
  4. Click Create.
  5. In the list, click the custom role name and click Assign.
  6. Add the users or groups that you want to have this role and click Add.

How do I determine what custom roles the users have

To manage the users with the custom roles, you can review the users and groups.

  1. Select Infrastructure > Administration > Users and Groups.
  2. Review the Custom Roles column to locate users with the role.
  3. To add or remove roles for a user, click the user's name and then modify the custom role assignments.

Custom Role Descriptions

In most cases the role description is provided in the user interface. However, there are some extended descriptions provided in the following table.

Table 1. Custom Roles
User Interface Permission Description
Infrastructure
View Cloud Accounts. View cloud accounts.
Manage Cloud Accounts Create, update, or delete cloud accounts.
View Image Mappings View image mappings.
Manage Image Mappings Create, update, or delete image mappings.
View Flavor Mappings View flavor mappings.
Manage Flavor Mappings Create, update, or delete flavor mappings.
View Cloud Zones

View cloud zones, Insights, and alerts.

Manage Cloud Zones

Create, update, or delete cloud zones. Manage alerts.

View Requests View activity requests.
Manage Requests Delete requests from the list.
View Integrations View integrations.
Manage Integrations Create, update, or delete integrations.
View Projects View projects.
Manage Projects Create projects. Add users and assign roles in projects. Update, or delete values from project summary, users, provisioning, Kubernetes, integrations, and test project configurations.
View Onboarding Plans View onboarding plans
Manage Onboarding Plans Create, update, run, or delete onboarding plans
Catalog
View Content
Manage Content Add, update, delete content sources.

Customize the content, including the catalog icons and request forms.

Policies
View Policies View policy definitions.
Manage Policies Create, update, or delete policy definitions.
Deployments
View Deployments

View all deployments, including deployment details, deployment history, alerts, and troubleshooting information.

Manage Deployments

View all deployments, respond to alerts, and run all day 2 actions that the day 2 policies allow an administrator to run on deployments and deployment components.

Cloud Templates

View Cloud Templates

View cloud templates.

Manage Cloud Templates

Create, update, test, delete, version, share cloud templates, and release/unrelease a cloud template version.

Edit Cloud Templates

Create, update, test, version, share cloud templates, and release/unrelease a cloud template version. The role does not have permission to delete cloud templates.

Deploy Cloud Templates

Test and deploy any cloud template in any project.

Deploy In-line Cloud Template Content

Deploy any cloud template in the projects that the assignees are associated with. The project roles can be administrator, member, or viewer.

View property groups View all property groups for all projects.
Manage property groups Create, update, and delete property groups in any project.
XaaS
View Custom Resources View custom resources.
Manage Custom Resources Create, update or delete custom resources.
View Resource Actions View custom actions.
Manage Resource Actions Create, update, or delete custom actions
Extensibility
View Extensibility Resources View events, subscriptions, event topics, actions, workflows, action runs, and workflow runs.
Manage Extensibility Resources Create, update, delete, and deactivate extensibility subscriptions.

Create, update, or delete extensibility actions. Cancel or delete extensibility action runs.

Pipeline
Manage Pipelines Create, edit, and delete pipeline, endpoint, variable, and trigger configurations.

Restricted models are excluded.

Manage Restricted Pipelines Create, edit, and delete pipeline, endpoint, variable, and trigger configurations.

Restricted models are included.

Manage Custom Integrations Add, edit, and delete custom integrations.
Execute Pipelines Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers.
Execute Restricted Pipelines Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers.

Resolve restricted endpoints and variables.

Manage Executions Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers.

Resolve restricted endpoints and variables.

Delete executions.

Approval
Manage Approvals

View the Approvals tab where you can approve or reject approval requests.

Approver with this role will not receive an email notification about an approval request unless they are an approver in the policy.