User roles determine what you can see and do in Cloud Assembly. Some roles are defined at the organization level, and some are specific to Cloud Assembly.
User roles are defined for the organization in the vRealize Automation Cloud console by an organization owner. There are two types of roles, organization roles and service roles.
The organization roles are global and apply to all services in the organization. The organization-level roles are Organization owner or Organization Member role.
The Cloud Assembly service roles, which are service-specific permissions, are also assigned at the organization level in the console.
Cloud Assembly Service Roles
The Cloud Assembly service roles determine what you can see and do in Cloud Assembly. These service roles are defined in the console by an organization owner.
|Cloud Assembly Administrator||Must have read and write access to the entire user interface and API resources. This is the only user role that can see and do everything, including add cloud accounts, create new projects, and assign a project administrator.|
|Cloud Assembly User||A user who does not have the Cloud Assembly Administrator role.
In a Cloud Assembly project, the administrator adds users to projects as project members. The administrator can also add a project administrator. The permission for these two roles are defined below.
|Cloud Assembly Viewer||A user who can see information but cannot create, update, or delete values. This is a read-only role.|
In addition to the service roles, Cloud Assembly has project roles.
The project roles are defined in Cloud Assembly and can vary between projects.
In the following tables, which tells your what the different service and project roles can see and do, remember that the service administrators have full permission on all areas of the user interface.
You the descriptions of project roles will help you as you decide what permissions to give your users.
- Project administrators leverage the infrastructure that is created by the service administrator to ensure that their project members have the resources they need for their development work.
- Project members work within their projects to design and deploy blueprints.
- Project viewers are restricted to read-only access, except in a few cases where they can do non-destructive things like download blueprints.
|UI Context||Task||Cloud Assembly Administrator||Cloud Assembly Viewer||Cloud Assembly User
User must be a project administrator or member to see and do project-related tasks.
|Project Administrator||Project Member||Project Viewer|
|Access Cloud Assembly|
|Console||In the vRA console, you can see and open Cloud Assembly||Yes||Yes||Yes||Yes||Yes|
|See and open the Infrastructure tab||Yes||Yes||Yes||Yes||Yes|
|Configure - Projects||Create projects||Yes|
|Update, or delete values from project summary, users, provisioning, Kubernetes, integrations, and test project configurations.||Yes||Yes. Your projects|
|View projects||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Configure - Cloud Zones||Create, update, or delete cloud zones||Yes|
|View cloud zones||Yes||Yes|
|Configure - Kubernetes Zones||Create, update, or delete Kubernetes zones||Yes|
|View Kubernetes zones||Yes||Yes|
|Configure - Flavors||Create, update, or delete flavors||Yes|
|Configure - Image Mappings||Create, update, or delete image mappings||Yes|
|View image mappings||Yes||Yes|
|Configure - Network Profiles||Create, update, or delete network profiles||Yes|
|View image network profiles||Yes||Yes|
|Configure - Storage Profiles||Create, update, or delete storage profiles||Yes|
|View image storage profiles||Yes||Yes|
|Configure - Tags||Create, update, or delete tags||Yes|
|Resources - Compute||View discovered compute resources||Yes||Yes|
|Resources - Networks||Modify network tags, IP ranges, IP addresses||Yes|
|View discovered network resources||Yes||Yes|
|Resources - Security||View discovered security groups||Yes||Yes|
|Resources - Storage||Add tags to discovered storage||Yes|
|Resources - Machines||Add and delete machines||Yes|
|View machines||Yes||Yes||Yes||Yes. Your projects|
|Resources - Volumes||Delete discovered storage volumes||Yes|
|View discovered storage volumes||Yes||Yes||Yes||Yes. Your projects.|
|Resources - Kubernetes||Deploy or add Kubernetes clusters, and create or add namespaces||Yes|
|View Kubernetes clusters and namespaces||Yes||Yes||Yes||Yes. Your projects|
|Activity - Requests||Delete deployment request records||Yes||Yes. Your projects|
|View deployment request records||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Activity - Event Logs||View event logs||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Connections - Cloud Accounts||Create, update, or delete cloud accounts||Yes|
|View cloud accounts||Yes||Yes|
|Connections - Integrations||Create, update, or delete integrations||Yes|
|Connections - Cloud Proxies||Create, update, or delete cloud proxies||Yes|
|View cloud proxies||Yes||Yes|
|Onboarding||Create, update, or delete onboarding plans||Yes|
|View onboarding plans||Yes||Yes||Yes. Your projects|
|See and open the Marketplace tab||Yes||Yes|
|Use the downloaded blueprints on the Design tab||Yes||Yes. If associated with your projects.||Yes. If associated with your projects.|
|Marketplace - Blueprints||Download a blueprint||Yes|
|View the blueprints||Yes||Yes|
|Marketplace - Images||Download images||Yes|
|Marketplace - Downloads||View the log of all downloaded items||Yes||Yes|
|See and open the Extensibility tab||Yes||Yes||Yes.|
|Events||View extensibility events||Yes||Yes||Yes. Your projects||Yes. Your projects|
|Subscriptions||Create, update, or delete extensibility subscriptions||Yes|
|Disable subscriptions||Yes||Yes. Your projects.|
|View subscriptions||Yes||Yes||Yes. Your projects|
|Library - Event topics||View event topics||Yes||Yes||Yes. Your projects|
|Library - Actions||Create, update, or delete extensibility actions||Yes|
|Modify or delete extensibility actions||Yes||Yes. Your projects|
|View extensibility actions||Yes||Yes||Yes. Your projects|
|Library - Workflows||View extensibility workflows||Yes||Yes||Yes. Your projects||Yes. Your projects|
|Activity - Action Runs||Cancel or delete extensibility action runs||Yes||Yes. Your projects|
|View extensibility action runs||Yes||Yes||Yes. Your projects||Yes. Your projects|
|Activity - Workflow Runs||View extensibility workflow runs||Yes||Yes||Yes. Your projects||Yes. Your projects|
|Design||Open the Design tab and see a list of blueprints||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Blueprints||Create, update, and delete blueprints||Yes||Yes. Your projects||Yes. Your projects|
|View blueprints||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Download blueprints||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Upload blueprints||Yes||Yes. Your projects||Yes. Your projects|
|Deploy blueprints||Yes||Yes. Your projects||Yes. Your projects|
|Version blueprints||Yes||Yes. Your projects||Yes. Your projects|
|Release blueprints to the catalog||Yes||Yes. Your projects|
|See and open the Deployments tab||Yes||Yes||Yes||Yes||yes|
|View deployments, including deployment details, deployment history, and troubleshooting information.||Yes||Yes. Only shared projects||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Run day 2 actions on deployments based on policies||Yes||Yes. Your projects||Yes. Your projects|