VMware Aria Automation has several levels of user roles. These different level control access to the organization, the services, the projects that produce or consume the cloud templates, catalog items, and pipelines, and the ability for uses to use or see individual parts of the user interface. These different levels give cloud administrators different tools to apply any level of granularity that is required by their operational needs.

General role descriptions

The user roles are defined at different levels. The service level roles are defined for each service.

More details for the service roles is provided below this table.

Role General permissions Where the role is defined
Organization Owner Can access the console and add users to organization.

The organization owner cannot access a service unless they have a service role.

More about the Organization User Roles

Organization console
Organization Member Can access the console.

The organization member cannot access a service unless they have a service role.

More about the Organization User Roles

Organization console
Service Administrator Can access the console and has full view, update, and delete privileges in the service. Organization console
Service User Can access the console and the service with limited permissions.

The service member has limited user interface. What they can see or do depends on their project membership.

Organization console
Service Viewer Can access the console and the service in a view-only mode. Organization console
Executor (Automation Pipelines only) Can access the console and manage pipeline executions.

More about Pipelines roles

Organization console
Orchestrator Workflow Designer (Orchestrator only) Can create, run, edit, and delete their own Orchestrator Client content. Can add their own content to their assigned group. Does not have access to the administration and troubleshooting features of the Orchestrator Client.

More about Orchestrator roles

Organization console
Project roles Can view and manage project resources depending on project role.

Project roles include administrator, member, and viewer.

More about project roles

Automation Assembler, Automation Service Broker, and Automation Pipelines
Custom roles The permissions are defined by the Automation Assembler Administrator for all the services.

The user must have at least a service viewer role in the relevant services so that they can access the service. The custom roles take precedence over the service roles.

More about custom roles

Automation Assembler and Automation Service Broker
Infrastructure administrator built-in role Gives predefined permissions for tasks in VMware Aria Automation .

More about the Infrastructure Administrator role

Using the API