How do I assign the Automation Assembler Infrastructure Administrator built-in role to a user

The infrastructure administrator role is a built-in role that you can assign to selected users. You cannot assign the role in the user interface.

When should I assign this user role

You can duplicate the permissions using the custom user role options. However, you can give this built-in role to users who are limited administrators.

Infrastructure administrator role permissions

The following table provides the list of management permissions and other permissions the an infrastructure administrators needs. These permissions cannot be modified. If you want a user to have more limited permissions, use the custom roles to create a user role that meets your particular needs.

Table 1. Provided permissions for the Infrastructure Administrator built-in role
Permission to create, edit, update, or delete	Other permissions
Cloud accounts Integrations Cloud zones Flavor mappings Image mappings Onboarding plans	Create and view projects Add users and assign roles to users in projects Edit cloud zones in projects View and delete request status View event logs View request details

How do I assign the Infrastructure Administrator role

This built-in role is assigned using the RBAC API. You first get the role and then assign the role to a user.

Before you begin:

Familiarize yourself with the API. See the programming guides listed in the VMware Aria Automation APIs and CLI section at the bottom of https://docs.vmware.com/en/VMware-Aria-Automation/index.html.
Within an API Programming Guide, find the instructions to get an API token:
- For SaaS, see Getting Your Authentication Token.
- For on-prem, see any 8.x version of Get Your Access Token.

Go to $vra/project/api/swagger/swagger-ui.html?urls.primaryName=rba where $vra is the base URL for your instance.
In the upper right corner of the page, in the Select a definition drop-down list, select rbac: 2020-08-10.

To retrieve the user role, open the Role section, run GET /rbac-service/api/roles.

The results should look similar to the following example.

"content": [
    {
      "description": "Infrastructure Administrator",
      "hidden": false,
      "id": "infrastructure_administrator",
      "name": "Infrastructure Administrator",
      "orgId": "string",
      "permissions": [
        "string"
      ],
      "projectScope": true
    }

To add a user to the role, open the Role Assignment section, open and edit the PUT /rbac-service/api/role-assignments command with the user name included.

For example,

{
  "orgId": "string",
  "principalId": "Username@domain",
  "principalType": "user",
  "projectId": "string",
  "rolesToAdd": [
    "infrastructure_administrator"
  ],
  "rolesToRemove": [
    "string"
  ]
}

Run the modified PUT command.
To verify the results, instruct the assigned user to log in and ensure that they have the permissions defined above.