The infrastructure administrator role is a built-in role that you can assign to selected users. You cannot assign the role in the user interface.
When should I assign this user role
You can duplicate the permissions using the custom user role options. However, you can give this built-in role to users who are limited administrators.
Infrastructure administrator role permissions
The following table provides the list of management permissions and other permissions the an infrastructure administrators needs. These permissions cannot be modified. If you want a user to have more limited permissions, use the custom roles to create a user role that meets your particular needs.
Permission to create, edit, update, or delete | Other permissions |
---|---|
|
|
How do I assign the Infrastructure Administrator role
This built-in role is assigned using the RBAC API. You first get the role and then assign the role to a user.
Before you begin:
- Familiarize yourself with the API. See the programming guides listed in the VMware Aria Automation APIs and CLI section at the bottom of https://docs.vmware.com/en/VMware-Aria-Automation/index.html.
- Within an API Programming Guide, find the instructions to get an API token:
- For SaaS, see Getting Your Authentication Token.
- For on-prem, see any 8.x version of Get Your Access Token.
- Go to
$vra/project/api/swagger/swagger-ui.html?urls.primaryName=rba
where$vra
is the base URL for your instance. - In the upper right corner of the page, in the Select a definition drop-down list, select rbac: 2020-08-10.
- To retrieve the user role, open the Role section, run GET /rbac-service/api/roles.
The results should look similar to the following example.
"content": [ { "description": "Infrastructure Administrator", "hidden": false, "id": "infrastructure_administrator", "name": "Infrastructure Administrator", "orgId": "string", "permissions": [ "string" ], "projectScope": true }
- To add a user to the role, open the Role Assignment section, open and edit the PUT /rbac-service/api/role-assignments command with the user name included.
For example,
{ "orgId": "string", "principalId": "Username@domain", "principalType": "user", "projectId": "string", "rolesToAdd": [ "infrastructure_administrator" ], "rolesToRemove": [ "string" ] }
- Run the modified PUT command.
- To verify the results, instruct the assigned user to log in and ensure that they have the permissions defined above.