As a VMware Aria Automation organization owner, you are responsible for managing the access and the budget for your infrastructure resources. You have a team of cloud template developers who iteratively create and deploy templates for different projects until they are ready to deliver to their consumers. You then deliver the deployable resources to the consumers in a catalog.

This use case assumes that you understand that use case 1 is an administrator-only use case. You now want to expand your system to support more teams and larger goals.

  • Let developers create and deploy their own application cloud templates during development. You add yourself as administrator, then add additional users with both the service user and the service viewer role. Next, you add the users a as project members. The project members can develop and deploy their own cloud templates.
  • Publish cloud templates to a catalog where you make them available for non-developers to deploy. Now you are assigning user roles for Automation Service Broker. Automation Service Broker provides a catalog for the cloud template consumers. You can also use it to create policies, including leases and entitlements, but that functionality is not part of this user role use case.

Prerequisites

Procedure

  1. Assign organization member roles to your cloud template developer users.
    If you need instructions, see the previous use case.
  2. Assign the Automation Assembler service member role to your cloud template developers.
    1. Click Add Service Access.

      Assembler role with administrator and viewer selected.
    2. Configure the user with the following value.
      Service Role
      Assembler Assembler User
      Assembler Assembler Viewer
      In this use case, your developers need to see the infrastructure to ensure that they are building deployable cloud templates. As users that you will assign as project administrators and project members in the next step, they cannot see the infrastructure. As service viewers they can see how the infrastructure is configured, but cannot make any changes. As the cloud administrator, you remain in control, but give them access to the information they need to develop cloud templates.
  3. Create projects in Automation Assembler that you use to group resources users.
    In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
    1. In the console, click Services, and then click VMware Aria Automation.
    2. In VMware Aria Automation, click Assembler.
    3. Select Infrastructure > Projects > New Project.
    4. Enter PersonnelAppDev as the name.
    5. Click Users, and then click Add Users.
    6. Add project members and assign a project administrator.
      Project Role Description
      Project User A project member is the primary developer user role in a project. Projects determine what cloud resources are available when you are ready to test your development work by deploying a cloud template.
      Project Administrator A project administrator supports their developers by adding and removing users for your projects. You can also delete your projects. To create a project, you must have service administrator privileges.
    7. For the users that you are adding as project members, enter the email address of each user, separated by a comma, and select User in the Assign role drop-down menu.

      List of project members and the administrator.
    8. For the designated administrators, select Administrator in the Assign role drop-down menu and provide the necessary email address.
    9. Click the Provisioning tab and add one or more cloud zones.
      When the cloud template developers who are part of this project deploy a template, it is deployed to the resources available in the cloud zones. You must ensure that the cloud zone resources match the needs of the project development team templates.
    10. Repeat the process to add the PayrollAppDev project with the necessary users and an administrator.
  4. Provide the service user with the necessary login information and verify that the members of each project can do the following tasks.
    1. Open Automation Assembler.
    2. See the infrastructure across all projects.
    3. Create a cloud template for the project that they are a member of.
    4. Deploy the cloud template to the cloud zone resources defined in the project.
    5. Manage their deployments.
  5. Assign organization member roles to your cloud template developer users.
    If you need instructions, see the first use case.
  6. Assign roles to a catalog administrator, catalog consumers, and cloud template developers based on their job.
    1. Click Add Service Access.
    2. Configure the catalog administrator with the following value.
      This role might be you, the cloud administrator, or it might be someone else on your application development team.
      Service Role
      Service Broker Service Broker Administrator
    3. Configure the cloud template consumers with the following value.
      Service Role
      Service Broker Service Broker User

      Configure the service user.
    4. Configure the cloud template developers with the following value.
      Service Role
      Assembler Assembler User
  7. Create projects in Automation Assembler that you use to group resources and users.
    In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
    If you need instructions, see the previous use case.
  8. Create and release cloud templates for each project team.
    If you need instructions, see the first scenario.
  9. Import an Automation Assembler cloud template into Automation Service Broker.
    You must log in as a user with the Automation Service Broker Administrator role.
    1. Log in as a user with the Automation Service Broker Administrator role.
    2. In the console, click Services, and then click Service Broker.
    3. Select Content and Policies > Content Sources, and click New.

      Configure the content source.
    4. Select VMware Cloud Templates.
    5. Enter PersonnelAppImport as the name.
    6. In the Source project drop-down menu, select PersonnelAppDev and click Validate.
    7. When the source is validated, click Create and Import.
    8. Repeat for PayrollAppDev using PayrollAppImport as the content source name.
  10. Share an imported cloud template with a project.
    Although the cloud template is already associated with a project, you create a sharing policy in Automation Service Broker to make it available in the catalog.
    1. Continue as a user with the Automation Service Broker administrator role.
    2. In Automation Service Broker, select Content and Policies > Policies > Definitions.
    3. Click New Policy, and then click Content Sharing Policy.
    4. Enter a Name.
    5. On the Scope list, select the PersonnelAppDev project.
    6. In the Content sharing section, click Add Items.

      Select the cloud templates for sharing.
    7. In the Share Items dialog box, select the PersonnelApp cloud template and click Save.
    8. In the Users section, select the project users and groups that you want to see the item in the catalog.
    9. Click Create.
  11. Verify that the cloud template is available in the Automation Service Broker catalog to the project members.
    1. Request that a project member log in and select Consume > Catalog.

      Locate the catalog item.
    2. Click Request on the PersonnelApp cloud template card.
    3. Complete the form and click Submit.
  12. Verify that the project member can monitor the deployment process.
    1. Request that the project member select Consume > Deployments and locate their provisioning request.

      Locate the deployment.
    2. When the cloud template is deployed, verify that the requesting user access the application.
  13. Repeat the process for the additional projects.

Results

In this use case, recognizing that need to delegate the cloud template development to the developers, you add more organization members. You made them Automation Assembler users. You then made them members of relevant projects so that they can create and deploy cloud templates. As project members, they cannot see or alter the infrastructure that you continue to manage, but you gave them full service viewer permissions sot that they could understand the constraints of infrastructure that they are designing for.

In this use case, you configure users with various roles, including the Automation Service Broker administrator and users. You then provide the non-developer users with the Automation Service Broker catalog.

What to do next

To learn how to define and assign custom roles to user, see User role use case 3: Set up VMware Aria Automation custom user roles to refine system roles.