User roles determine what you can see and do in Cloud Assembly. Some roles are defined at the service organization level, and some are specific to Cloud Assembly.

Global roles

Global roles are defined in the organization and might be applied across multiple services.

Table 1. Global Organization Roles
Role Description
Cloud Assembly Administrator Must have read and write access to the entire user interface and API resources. This is the only user role that can create a new project and assign a project administrator.
Cloud Assembly User Any user who does not have the Cloud Assembly Administrator role.

Project roles and permissions

Project roles, the project administrator and project member, are defined in Cloud Assembly and can vary between projects.

In the following tables, where the permissions are defined, remember that the cloud administrator has full permission on all areas of the UI.

Project administrators leverage the infrastructure that is created by the cloud administrator to ensure that their project members have the resources they need for their development work.

Table 2. Project Administrator Permissions
Tab Node or Area View Create Modify/Delete
Infrastructure Configure - Projects Yes (only your projects) No Yes (only your projects)
Configure - Cloud Zones No No No
Configure - Flavor Mappings Yes No No
Configure - Image Mappings Yes No No
Configure - Network Profiles Yes No No
Configure - Storage Profiles Yes No No
Configure - Tags Yes No No
Resources - Compute Yes No No
Resources - Network Yes No No
Resources - Storage Yes No No
Resources - Machines Yes (only your projects) Yes Yes (only your projects)
Resources - Volumes
Activity - Requests Yes (only your projects) N/A Yes (only your projects)
Activity - Events Yes (only your projects) N/A Yes (only your projects)
Connections - Cloud Accounts No No No
Connections - Integrations
Connections - Cloud Proxies
Cost - VMC Assessment Yes No No
Cost - Private Clouds Yes No No
Onboarding
Blueprints Blueprints Yes (only for your projects) Yes (only for your projects) Yes (only for your projects)
Deployments Deployments Yes (only for your projects) N/A Yes (only for your projects)

The project members are usually developers who create and deploy blueprints.

Table 3. Project Member Permissions
Tab Node or Area View Create Modify/Delete
Infrastructure Configure - Projects Yes (only the projects you are a member of) No No
Configure - Cloud Zones No No No
Configure - Flavor Mappings Yes No No
Configure - Image Mappings Yes No No
Configure - Network Profiles Yes No No
Configure - Storage Profiles Yes No No
Configure - Tags Yes No No
Resources - Compute Yes No No
Resources - Network Yes No No
Resources - Storage Yes No No
Resources - Machines Yes (only the ones that you deployed) Yes Yes (only the ones that you deployed)
Resources - Volumes
Activity - Requests Yes (only the ones that you deployed) N/A Yes (only the ones that you deployed)
Activity - Events Yes (only the ones that you deployed) N/A Yes (only the ones that you deployed)
Connections - Cloud Accounts No No No
Connections - Integrations
Connections - Cloud Proxies
Cost - VMC Assessment Yes No No
Cost - Private Clouds Yes No No
Onboarding
Blueprints Blueprints Yes (only for your projects) Yes (only for your projects) Yes (only for your projects)
Deployments Deployments Yes (only the ones that you deployed) N/A Yes (only the ones that you deployed)