Automation Orchestrator administrators can set permissions that control access to features and content in the Automation Orchestrator Client. Access rights are separated into user roles and group permissions.
License | Authentication | |
---|---|---|
vSphere | VMware Aria Automation | |
VMware vSphere Standard VMware vSphere Foundation |
Role management is not supported. Groups support only Run permissions. | Not applicable |
VMware Cloud Foundation | Manage roles in the Automation Orchestrator Client. |
Manage roles through Identity and Access Management in VMware Aria Automation. See Configure Automation Orchestrator Client Roles in VMware Aria Automation. |
Group permissions control what Automation Orchestrator Client content users can view and use, such as workflows, actions, policies, configuration elements, and resource elements. Access to preconfigured system Automation Orchestrator content like standard workflows and actions is shared among all users, unless configured otherwise through group permissions.
Access rights of users with administrator and viewer roles are not restricted by group permissions. Access rights of users without an assigned role and users with a workflow designer role depend on the group assigned to them. You can extend the access rights of these users by modifying their group permissions. In this way, you can organize users into common projects. For example, you can create a group that includes users working on developing a custom Automation Orchestrator plug-in and allow them to modify only content that is specific to their group.
Role | Access Rights | ||
---|---|---|---|
Administrator | Administrators can access all Automation Orchestrator Client features and content, including the content created by specific groups. Responsible for setting user roles, creating and deleting groups, and adding users to groups. Administrators are not limited by group permissions. Tenant administrators from VMware Aria Automation environments used to authenticate Automation Orchestrator have Administrator rights by default. |
||
Viewer | Viewers have read-only access to all content in the Automation Orchestrator Client, but cannot create, edit, run, or export content. Viewers can also see all groups and group content. Viewers are not limited by group permissions. The Viewer role overwrites the Workflow Designer role when set to the same user account. |
||
Group Permissions | |||
No assigned group | Run | Run and edit | |
Workflow Designer |
|
|
Not available for Automation Orchestrator instances authenticated with vSphere. |
User without an assigned role |
These access rights are granted by default to users in VMware Aria Automation and vSphere without an assigned Automation Orchestrator role and group. |
|
To be able to create, edit, and add content, users in this group must be assigned a Workflow Designer role. Not available for Automation Orchestrator instances authenticated with vSphere. |