The infrastructure administrator role is a built-in role that you can assign to selected users. You cannot assign the role in the user interface.

When should I assign this user role

You can duplicate the permissions using the custom user role options. However, you can give this built-in role to users who are limited administrators.

Infrastructure administrator role permissions

The following table provides the list of management permissions and other permissions the an infrastructure administrators needs. These permissions cannot be modified. If you want a user to have more limited permissions, use the custom roles to create a user role that meets your particular needs.

Table 1. Provided permissions for the Infrastructure Administrator built-in role
Permission to create, edit, update, or delete Other permissions
  • Cloud accounts
  • Integrations
  • Cloud zones
  • Flavor mappings
  • Image mappings
  • Onboarding plans
  • Create and view projects
  • Add users and assign roles to users in projects
  • Edit cloud zones in projects
  • View and delete request status
  • View event logs
  • View request details

How do I assign the Infrastructure Administrator role

This built-in role is assigned using the RBAC API. You first get the role and then assign the role to a user.

Before you begin:

  1. Go to $vra/project/api/swagger/swagger-ui.html?urls.primaryName=rba where $vra is the base URL for your instance.
  2. In the upper right corner of the page, in the Select a definition drop-down list, select rbac: 2020-08-10.
  3. To retrieve the user role, open the Role section, run GET /rbac-service/api/roles.
    The results should look similar to the following example.
    "content": [
          "description": "Infrastructure Administrator",
          "hidden": false,
          "id": "infrastructure_administrator",
          "name": "Infrastructure Administrator",
          "orgId": "string",
          "permissions": [
          "projectScope": true
  4. To add a user to the role, open the Role Assignment section, open and edit the PUT /rbac-service/api/role-assignments command with the user name included.
    For example,
      "orgId": "string",
      "principalId": "Username@domain",
      "principalType": "user",
      "projectId": "string",
      "rolesToAdd": [
      "rolesToRemove": [
  5. Run the modified PUT command.
  6. To verify the results, instruct the assigned user to log in and ensure that they have the permissions defined above.