As an organization owner, you give VMware Cloud Services users two types of role-based access when you invite them to join your organization: organization role access and service role access.

You view and manage users roles in your organization from the Identity and Access Management > Active Users menu in Cloud Services Console.
Organization Roles and Permissions
Organization roles determine the capabilities that a user has on the VMware Cloud Services Console. Access to an organization's resources is determined by the role assigned to each user in the organization: as an organization owner with full access, or as an organization member with read-only access.
Organization owners have full administrative access to the organization's resources and can assign role-based access to organization members. They can also self-assign roles to themselves.
Service Roles and Permissions
VMware Cloud services, such as VMware Carbon Black Cloud, come with a pre-defined built-in set of service roles that determine the capabilities that a user has in the specific service. Organization owners grant users access to cloud services according to the roles provided by each cloud service. For more information about built-in service roles, see Predefined User Roles.
Custom Roles
Custom roles combine permissions from existing service roles in the organization. Organization owners create and manage custom roles from the Identity and Access Management > Roles menu in the Cloud Services Console.