The infrastructure administrator role is a built-in role that you can assign to selected users. You cannot assign the role in the user interface.
When should I assign this user role
You can duplicate the permissions using the custom user role options. However, you can give this built-in role to users who are limited administrators.
Infrastructure administrator role permissions
The following table provides the list of management permissions and other permissions the an infrastructure administrators needs. These permissions cannot be modified. If you want a user to have more limited permissions, use the custom roles to create a user role that meets your particular needs.
Permission to create, edit, update, or delete | Other permissions |
---|---|
|
|
How do I assign the Infrastructure Administrator role
This built-in role is assigned using the RBAC API. You first get the role and then assign the role to a user.
Before you begin:
- Familiarize yourself with the API. See the vRealize Automation API Programming Guide.
- Familiarize yourself with the API. See the vRealize Automation 8.6 API Programming Guide.
- Get an API bearer token. See the Get Your Access Token article in vRealize Automation API Programming Guide.
- Get an API bearer token. See See the Get Your Access Token article in vRealize Automation 8.6 API Programming Guide
- Go to
$vra/project/api/swagger/swagger-ui.html?urls.primaryName=rba
where$vra
is the base URL for your instance. - In the upper right corner of the page, in the Select a definition drop-down list, select rbac: 2020-08-10.
- To retrieve the user role, open the Role section, run GET /rbac-service/api/roles.
The results should look similar to the following example.
"content": [ { "description": "Infrastructure Administrator", "hidden": false, "id": "infrastructure_administrator", "name": "Infrastructure Administrator", "orgId": "string", "permissions": [ "string" ], "projectScope": true }
- To add a user to the role, open the Role Assignment section, open and edit the PUT /rbac-service/api/role-assignments command with the user name included.
For example,
{ "orgId": "string", "principalId": "Username@domain", "principalType": "user", "projectId": "string", "rolesToAdd": [ "infrastructure_administrator" ], "rolesToRemove": [ "string" ] }
- Run the modified PUT command.
- To verify the results, instruct the assigned user to log in and ensure that they have the permissions defined above.