The System Administrator role exists only in the provider organization. By default, the System Administrator role has all VMware Cloud Director rights.
The System Administrator role has all VMware Cloud Director rights. This list consists of the rights available only to System Administrators. The System Administrator role has also the VMware Cloud Director Rights in Predefined Global Tenant Roles.
The rights' names in the table below are the VMware Cloud Director API rights' names. The API and UI rights' names might be different. If you want to see a list of all VMware Cloud Director rights with API rights' names, UI rights' names, UI right categories, and so on, see the VMware Cloud Director 10.5.x Rights file in CSV format.
New in this release | Right Name |
---|---|
Access All Organization VDCs | |
Access Control List: Manage | |
Access Control List: View | |
Access Metrics Endpoint | |
Additional Services: Execute Workflows | |
Additional Services: View Running Workflows | |
Additional Services: View Workflows | |
Adopt Resource Pool: View | |
Advisory Definitions: Create and Delete | |
Advisory Definitions: Read | |
Allowed Origins: Manage | |
Allowed Origins: View | |
Alternate Admin Entity: View | |
AMQP Settings: Manage | |
AMQP Settings: View | |
API Explorer: View | |
API Tokens: Manage | |
API Tokens: Manage All | |
✓ | Catalog Content Source: Change Owner |
✓ | Catalog Content Source: Delete |
✓ | Catalog Content Source: Edit |
✓ | Catalog Content Source: Sharing |
✓ | Catalog Content Source: View |
✓ | Catalog Content Source: View ACL |
Catalog: Add vApp from My Cloud | |
Catalog: Change Owner | |
Catalog: Create / Delete a Catalog | |
Catalog: Edit Properties | |
Catalog: Import Media from vSphere | |
Catalog: Publish | |
Catalog: Shadow VM View | |
Catalog: Sharing | |
Catalog: VCSP Publish Subscribe | |
Catalog: VCSP Publish Subscribe Caching | |
Catalog: View ACL | |
Catalog: View Private and Shared Catalogs | |
Catalog: View Published Catalogs | |
✓ | Cell Configuration: Edit |
Cell Configuration: View | |
Certificate Library: Manage | |
Certificate Library: View | |
✓ | Container App: Manage |
✓ | Container App: Reconcile App |
✓ | Container App: View |
Content Library System Settings: Manage | |
Content Library System Settings: View | |
Custom entity: Create custom entity definitions | |
Custom entity: Delete custom entity definitions | |
Custom entity: Edit custom entity definitions | |
✓ | Custom entity: Manage any custom entity definition |
Custom entity: View all custom entity instances in org | |
✓ | Custom entity: View any custom entity definition |
Custom entity: View custom entity definitions | |
Custom entity: View custom entity instance | |
Datastore: Delete | |
Datastore: Edit | |
Datastore: Enable or Disable | |
Datastore: Open in vSphere | |
Datastore: View | |
Direct Org vDC Network: Manage | |
Distributed Virtual Switch: Open in vSphere | |
Edge Cluster: Manage | |
Edge Cluster: View | |
Extension Service API Definition: Manage | |
Extension Service API Definition: View | |
Extension Services: View | |
Extensions: View | |
External Service: Manage | |
External Service: View | |
General ACL: Manage | |
General ACL: View | |
General: Administrator Control | |
General: Administrator View | |
General: Send Notification | |
General: View Error Details | |
Global Role: Edit | |
Global Role: View | |
Group / User: Manage | |
Group / User: View | |
Host: Enable or Disable | |
Host: Manage | |
Host: Open in vSphere | |
Host: Prepare or Unprepare | |
Host: Repair | |
Host: Upgrade | |
Host: View | |
✓ | IP Spaces Default Gateway Services: Manage |
IP Spaces: Allocate | |
Kerberos Settings: Manage | |
Kerberos Settings: View | |
LDAP Settings: Manage | |
LDAP Settings: View | |
License Report: View | |
Load Balancer Controller: Edit | |
Load Balancer Controller: View | |
Load Balancer Service Engine Group Assignment: Edit | |
Load Balancer Service Engine Group Assignment: View | |
Load Balancer Service Engine Group: Edit | |
Load Balancer Service Engine Group: View | |
Localization Resources: Manage | |
Metadata File Entry: Create/Modify | |
Network Pool: Create or Delete | |
Network Pool: Edit | |
Network Pool: Open in vSphere | |
Network Pool: Repair | |
Network Pool: View | |
NSX-T: Edit | |
NSX-T: View | |
Object Extensions: Manage | |
Object Extensions: View | |
OIDC Server: Enablement | |
OIDC Server: Manage | |
Organization Network: Create or Delete | |
Organization Network: Edit Properties | |
Organization Network: Open in vSphere | |
Organization Network: View | |
Organization Quotas: Manage | |
Organization vDC Compute Policy: Admin View | |
Organization vDC Compute Policy: Manage | |
Organization vDC Compute Policy: View | |
✓ | Organization vDC Disk: Edit IOPS |
Organization vDC Disk: View IOPS | |
Organization vDC Distributed Firewall: Configure Rules | |
Organization vDC Distributed Firewall: Enable/Disable | |
Organization vDC Distributed Firewall: View Rules | |
Organization vDC Gateway: Configure BGP Routing | |
Organization vDC Gateway: Configure DHCP | |
Organization vDC Gateway: Configure DNS | |
Organization vDC Gateway: Configure ECMP Routing | |
Organization vDC Gateway: Configure Firewall | |
Organization vDC Gateway: Configure IPSec VPN | |
Organization vDC Gateway: Configure L2 VPN | |
Organization vDC Gateway: Configure Load Balancer | |
Organization vDC Gateway: Configure NAT | |
Organization vDC Gateway: Configure OSPF Routing | |
Organization vDC Gateway: Configure Remote Access | |
Organization vDC Gateway: Configure Route Advertisement | |
Organization vDC Gateway: Configure SLAAC Profile | |
Organization vDC Gateway: Configure SSL VPN | |
Organization vDC Gateway: Configure Static Routing | |
Organization vDC Gateway: Configure Syslog | |
Organization vDC Gateway: Configure System Logging | |
Organization vDC Gateway: Convert to Advanced Networking | |
Organization vDC Gateway: Create | |
Organization vDC Gateway: Delete | |
Organization vDC Gateway: Distributed Routing | |
Organization vDC Gateway: Import | |
Organization vDC Gateway: Modify Form Factor | |
Organization vDC Gateway: Update | |
Organization vDC Gateway: Update Properties | |
Organization vDC Gateway: Upgrade | |
Organization vDC Gateway: View | |
Organization vDC Gateway: View BGP Routing | |
Organization vDC Gateway: View DHCP | |
Organization vDC Gateway: View DNS | |
Organization vDC Gateway: View Firewall | |
Organization vDC Gateway: View IPSec VPN | |
Organization vDC Gateway: View L2 VPN | |
Organization vDC Gateway: View Load Balancer | |
Organization vDC Gateway: View NAT | |
Organization vDC Gateway: View OSPF Routing | |
Organization vDC Gateway: View Remote Access | |
Organization vDC Gateway: View Route Advertisement | |
Organization vDC Gateway: View SLAAC Profile | |
Organization vDC Gateway: View SSL VPN | |
Organization vDC Gateway: View Static Routing | |
Organization vDC Kubernetes Policy: Edit | |
Organization vDC Named Disk: Change Owner | |
Organization vDC Named Disk: Create | |
Organization vDC Named Disk: Delete | |
Organization vDC Named Disk: Edit Properties | |
Organization vDC Named Disk: Move | |
Organization vDC Named Disk: View Encryption Status | |
Organization vDC Named Disk: View Properties | |
Organization vDC Network: Edit Properties | |
Organization vDC Network: Import | |
Organization vDC Network: View | |
Organization vDC Resource Pool: Open in vSphere | |
Organization vDC Resource Pool: View | |
Organization vDC Shared Named Disk: Create | |
Organization vDC Storage Policy: Edit | |
Organization vDC Storage Policy: Enable or Disable | |
Organization vDC Storage Policy: Open in vSphere | |
Organization vDC Storage Policy: Remove | |
Organization vDC Storage Policy: View Capabilities | |
Organization vDC Storage Profile: Set Default | |
Organization vDC: Create | |
Organization vDC: Delete | |
Organization vDC: Edit ACL | |
Organization vDC: Enable or Disable | |
Organization vDC: Extended Edit | |
Organization vDC: Extended View | |
Organization vDC: Manage Firewall | |
✓ (Available in version 10.5.1 and later) | Organization vDC: Migrate Storage |
Organization vDC: Simple Edit | |
Organization vDC: User View | |
Organization vDC: View ACL | |
Organization vDC: View CPU and Memory Reservation | |
Organization VDC: view metrics | |
Organization vDC: VM-VM Affinity Edit | |
Organization: Activate or Deactivate | |
Organization: Create or Delete | |
Organization: Edit Association Settings | |
Organization: Edit Federation Settings | |
Organization: Edit LDAP Settings | |
Organization: Edit Leases Policy | |
Organization: Edit Limits | |
Organization: Edit Name | |
Organization: Edit OAuth Settings | |
Organization: Edit Password Policy | |
Organization: Edit Properties | |
Organization: Edit Quotas Policy | |
Organization: Edit SMTP Settings | |
Organization: Import User/Group from IdP while Editing VDC ACL | |
Organization: Migrate Tenant Storage | |
Organization: Perform Administrator Queries | |
✓ (Available in version 10.5.1 and later) | Organization: Traversal |
Organization: Use Provider LDAP as Tenant | |
Organization: View | |
✓ | Organization: View Association Settings |
Organization: view metrics | |
Port Group: Open in vSphere | |
Preference: Manage preference definition | |
Private IP Spaces: Manage | |
Private IP Spaces: View | |
✓ (Available in version 10.5.1 and later) | Provider Gateway BGP: Simple Manage |
✓ (Available in version 10.5.1 and later) | Provider Gateway BGP: Simple View |
✓ (Available in version 10.5.1 and later) | Provider Gateway Firewall: Manage |
✓ (Available in version 10.5.1 and later) | Provider Gateway Firewall: View |
✓ (Available in version 10.5.1 and later) | Provider Gateway NAT: Manage |
✓ (Available in version 10.5.1 and later) | Provider Gateway NAT: View |
✓ | Provider Gateway Routing: Manage |
✓ | Provider Gateway Routing: View |
Provider Gateway: Simple View | |
Provider Network: Create or Delete | |
Provider Network: Edit | |
Provider Network: Open in vSphere | |
Provider Network: View | |
Provider vDC Compute Policy: Manage | |
Provider vDC Compute Policy: View | |
Provider vDC Resource Pool: Migrate VMs | |
Provider vDC Resource Pool: Open in vSphere | |
Provider vDC Resource Pool: View | |
Provider vDC Storage Policy: Edit | |
Provider vDC Storage Policy: Enable or Disable | |
Provider vDC Storage Policy: Open in vSphere | |
Provider vDC Storage Policy: Remove | |
Provider vDC Storage Policy: View | |
Provider vDC: Add Resource Pool | |
Provider vDC: Create or Delete | |
Provider vDC: Delete Resource Pool | |
Provider vDC: Edit | |
Provider vDC: Enable or Disable | |
Provider vDC: Enable or Disable Resource Pool | |
Provider vDC: Enable vSphere VXLAN | |
Provider vDC: Merge | |
Provider vDC: View | |
✓ | Public Endpoints: Manage |
Quota Policy Capabilities: View | |
Quota Policy: Manage | |
Quota Policy: View | |
Reload VM: Manage | |
✓ | Replication Tracking VM: Manage |
Resource Class Action: Manage | |
Resource Class Action: View | |
Resource Pool: Open | |
Resource Pool: Open in vSphere | |
Resource Pool: View | |
Right: Manage | |
Right: View | |
Rights Bundle: Edit | |
Rights Bundle: View | |
Role: Create, Edit, Delete, or Copy | |
SDDC: Manage | |
SDDC: Manage Proxy | |
SDDC: View | |
Security Tag Edit | |
Segment Profile Templates: Manage | |
Segment Profile Templates: View | |
Selector Extensions: Manage | |
Selector Extensions: View | |
Service Account: Manage | |
Service Account: Simple View | |
Service Account: View | |
Service Apps: Manage | |
Service Apps: View | |
Service Authorization: Manage | |
Service Configuration: Manage | |
Service Configuration: View | |
Service Library: Create service libraries | |
Service Library: Delete services from the service library | |
Service Library: Edit service metadata | |
Service Library: Edit the contents of a service | |
Service Library: View service libraries | |
Service Link: Manage | |
Service Link: View | |
Service Resource Type: Manage | |
Service Resource Type: View | |
Service Resource: Manage | |
Service Resource: View | |
Shared Org vDC Network: Manage | |
Site: Edit | |
Site: View | |
SSL Settings: View | |
SSL Settings: Manage | |
SSL: Test Connection | |
Stranded Item: Manage | |
Stranded Item: View | |
Supported Storage Entity Type: Manage | |
System IP Spaces: Manage | |
System IP Spaces: View | |
System Operations: Execute System Operations | |
System Organization: Manage | |
System Organization: View | |
System Settings: Manage | |
System Settings: View | |
✓ | System: Manage Proxy Rules |
✓ | System: View Proxy Rules |
Tanzu Kubernetes Guest Cluster: Administrator Full Control | |
Tanzu Kubernetes Guest Cluster: Administrator View | |
Tanzu Kubernetes Guest Cluster: Edit | |
Tanzu Kubernetes Guest Cluster: Full Control | |
Tanzu Kubernetes Guest Cluster: View | |
Task: Resume, Abort, or Fail | |
Task: Update | |
Task: View Tasks | |
Token: Manage | |
Token: Manage All | |
Truststore: Manage | |
Truststore: View | |
UI Plugins: Define, Upload, Modify, Delete, Associate or Disassociate | |
UI Plugins: View | |
UI Portal Branding: Manage | |
vApp Template / Media: Copy | |
vApp Template / Media: Create / Upload | |
vApp Template / Media: Edit | |
vApp Template / Media: View | |
vApp Template: Add to My Cloud | |
vApp Template: Change Owner | |
vApp Template: Download | |
vApp Template: Force storage lease expiration | |
vApp Template: Import | |
vApp Template: Open in vSphere | |
vApp: Allow All Extra Config | |
vApp: Allow Ethernet Coalescing Extra Config | |
vApp: Allow Latency Extra Config | |
vApp: Allow Matching Extra Config | |
vApp: Allow NUMA Node Affinity Extra Config | |
vApp: Change Owner | |
vApp: Copy | |
vApp: Create / Reconfigure | |
vApp: Delete | |
vApp: Download | |
vApp: Edit Properties | |
vApp: Edit VM Compute Policy | |
vApp: Edit VM CPU | |
vApp: Edit VM CPU and Memory reservation settings in all VDC types | |
vApp: Edit VM Hard Disk | |
vApp: Edit VM Memory | |
vApp: Edit VM Network | |
vApp: Edit VM Properties | |
vApp: Enter/Exit Maintenance Mode | |
vApp: Force runtime lease expiration | |
vApp: Force storage lease expiration | |
vApp: Import Options | |
vApp: Maintenance manage | |
vApp: Manage VM Password Settings | |
vApp: Open in vSphere | |
vApp: Power Operations | |
vApp: Shadow VM View | |
vApp: Sharing | |
vApp: Snapshot Operations | |
vApp: Upload | |
vApp: Use Console | |
vApp: View ACL | |
vApp: View VM and VM's Disks Encryption Status | |
vApp: View VM Metrics | |
vApp: VM Boot Options | |
vApp: VM Check Compliance | |
vApp: VM Migrate, Force Undeploy, Relocate, Consolidate | |
VAPP_VM_METADATA_TO_VCENTER | |
VCD Extension: Register, Unregister, Refresh, Associate or Disassociate | |
VCD Extension: View | |
vCenter: Attach or Detach | |
vCenter: Enable or Disable | |
vCenter: Open in vSphere | |
vCenter: Refresh | |
vCenter: View | |
vDC Group: Configure | |
vDC Group: Configure Logging | |
vDC Group: View | |
VDC Template: ACL manage | |
VDC Template: Extended View | |
VDC Template: Instantiate | |
VDC Template: Manage | |
VDC Template: View | |
vGPU Profile Consumption: View | |
vGPU Profile: Delete | |
vGPU Profile: Manage | |
vGPU Profile: View | |
VMC: Register SDDC | |
VMWARE:NATIVECLUSTER: Administrator Full Control | |
VMWARE:NATIVECLUSTER: Administrator View | |
VMWARE:NATIVECLUSTER: Edit | |
VMWARE:NATIVECLUSTER: Full Control | |
VMWARE:NATIVECLUSTER: View | |
vRealize Orchestrator: Publish and Unpublish Workflows to Tenants | |
vRealize Orchestrator: Register and Unregister vRealize Orchestrator Servers | |
vRealize Orchestrator: View RegisteredvRealize Orchestrator Servers | |
vSphere Server: Manage | |
vSphere Server: Manage Proxy | |
vSphere Server: Manage Proxy Configuration | |
vSphere Server: View |