User roles determine what you can see and do in Cloud Assembly. Some roles are defined at the organization level, and some are specific to Cloud Assembly.

User Roles

User roles are defined for the organization in the vRealize Automation Cloud console by an organization owner. There are two types of roles, organization roles and service roles.

The organization roles are global and apply to all services in the organization. The organization-level roles are Organization owner or Organization Member role.

The Cloud Assembly service roles, which are service-specific permissions, are also assigned at the organization level in the console.

Cloud Assembly Service Roles

The Cloud Assembly service roles determine what you can see and do in Cloud Assembly. These service roles are defined in the console by an organization owner.

Table 1. Cloud Assembly Service Role Descriptions
Role Description
Cloud Assembly Administrator Must have read and write access to the entire user interface and API resources. This is the only user role that can see and do everything, including add cloud accounts, create new projects, and assign a project administrator.
Cloud Assembly User A user who does not have the Cloud Assembly Administrator role.

In a Cloud Assembly project, the administrator adds users to projects as project members. The administrator can also add a project administrator. The permission for these two roles are defined below.

Cloud Assembly Viewer A user who can see information but cannot create, update, or delete values. This is a read-only role.

In addition to the service roles, Cloud Assembly has project roles.

The project roles are defined in Cloud Assembly and can vary between projects.

In the following tables, which tells your what the different service and project roles can see and do, remember that the service administrators have full permission on all areas of the user interface.

You the descriptions of project roles will help you as you decide what permissions to give your users.

  • Project administrators leverage the infrastructure that is created by the service administrator to ensure that their project members have the resources they need for their development work.
  • Project members work within their projects to design and deploy blueprints.
  • Project viewers are restricted to read-only access, except in a few cases where they can do non-destructive things like download blueprints.
Table 2. Cloud Assembly service roles and project roles
UI Context Task Cloud Assembly Administrator Cloud Assembly Viewer Cloud Assembly User

User must be a project administrator or member to see and do project-related tasks.

Project Administrator Project Member Project Viewer
Access Cloud Assembly
Console In the vRA console, you can see and open Cloud Assembly Yes Yes Yes Yes Yes
Infrastructure
See and open the Infrastructure tab Yes Yes Yes Yes Yes
Configure - Projects Create projects Yes
Update, or delete values from project summary, users, provisioning, Kubernetes, integrations, and test project configurations. Yes Yes. Your projects
View projects Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Configure - Cloud Zones Create, update, or delete cloud zones Yes
View cloud zones Yes Yes
Configure - Kubernetes Zones Create, update, or delete Kubernetes zones Yes
View Kubernetes zones Yes Yes
Configure - Flavors Create, update, or delete flavors Yes
View flavors Yes Yes
Configure - Image Mappings Create, update, or delete image mappings Yes
View image mappings Yes Yes
Configure - Network Profiles Create, update, or delete network profiles Yes
View image network profiles Yes Yes
Configure - Storage Profiles Create, update, or delete storage profiles Yes
View image storage profiles Yes Yes
Configure - Tags Create, update, or delete tags Yes
View tags Yes Yes
Resources - Compute View discovered compute resources Yes Yes
Resources - Networks Modify network tags, IP ranges, IP addresses Yes
View discovered network resources Yes Yes
Resources - Security View discovered security groups Yes Yes
Resources - Storage Add tags to discovered storage Yes
View storage Yes Yes
Resources - Machines Add and delete machines Yes
View machines Yes Yes Yes Yes. Your projects
Resources - Volumes Delete discovered storage volumes Yes
View discovered storage volumes Yes Yes Yes Yes. Your projects.
Resources - Kubernetes Deploy or add Kubernetes clusters, and create or add namespaces Yes
View Kubernetes clusters and namespaces Yes Yes Yes Yes. Your projects
Activity - Requests Delete deployment request records Yes Yes. Your projects
View deployment request records Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Activity - Event Logs View event logs Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Connections - Cloud Accounts Create, update, or delete cloud accounts Yes
View cloud accounts Yes Yes
Connections - Integrations Create, update, or delete integrations Yes
View integrations Yes Yes
Connections - Cloud Proxies Create, update, or delete cloud proxies Yes
View cloud proxies Yes Yes
Onboarding Create, update, or delete onboarding plans Yes
View onboarding plans Yes Yes Yes. Your projects
MarketPlace
See and open the Marketplace tab Yes Yes
Use the downloaded blueprints on the Design tab Yes Yes. If associated with your projects. Yes. If associated with your projects.
Marketplace - Blueprints Download a blueprint Yes
View the blueprints Yes Yes
Marketplace - Images Download images Yes
View images Yes Yes
Marketplace - Downloads View the log of all downloaded items Yes Yes
Extensibility
See and open the Extensibility tab Yes Yes Yes.
Events View extensibility events Yes Yes Yes. Your projects Yes. Your projects
Subscriptions Create, update, or delete extensibility subscriptions Yes
Disable subscriptions Yes Yes. Your projects.
View subscriptions Yes Yes Yes. Your projects
Library - Event topics View event topics Yes Yes Yes. Your projects
Library - Actions Create, update, or delete extensibility actions Yes
Modify or delete extensibility actions Yes Yes. Your projects
View extensibility actions Yes Yes Yes. Your projects
Library - Workflows View extensibility workflows Yes Yes Yes. Your projects Yes. Your projects
Activity - Action Runs Cancel or delete extensibility action runs Yes Yes. Your projects
View extensibility action runs Yes Yes Yes. Your projects Yes. Your projects
Activity - Workflow Runs View extensibility workflow runs Yes Yes Yes. Your projects Yes. Your projects
Design
Design Open the Design tab and see a list of blueprints Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Blueprints Create, update, and delete blueprints Yes Yes. Your projects Yes. Your projects
View blueprints Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Download blueprints Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Upload blueprints Yes Yes. Your projects Yes. Your projects
Deploy blueprints Yes Yes. Your projects Yes. Your projects
Version blueprints Yes Yes. Your projects Yes. Your projects
Release blueprints to the catalog Yes Yes. Your projects
Deployments
See and open the Deployments tab Yes Yes Yes Yes yes
View deployments, including deployment details, deployment history, and troubleshooting information. Yes Yes. Only shared projects Yes. Your projects Yes. Your projects Yes. Your projects
Run day 2 actions on deployments based on policies Yes Yes. Your projects Yes. Your projects