The System Administrator role exists only in the provider organization. By default, the System Administrator role has all VMware Cloud Director rights.

The System Administrator role has all VMware Cloud Director rights. This list consists of the rights available only to System Administrators. The System Administrator role has also the VMware Cloud Director Rights in Predefined Global Tenant Roles.

The rights' names in the table below are the VMware Cloud Director API rights' names. The API and UI rights' names might be different. If you want to see a list of all VMware Cloud Director rights with API rights' names, UI rights' names, UI right categories, and so on, see the VMware Cloud Director 10.5.x Rights file in CSV format.

Table 1. Rights Available by Default Only to System Administrators
New in this release Right Name
Access All Organization VDCs
Access Control List: Manage
Access Control List: View
Access Metrics Endpoint
Additional Services: Execute Workflows
Additional Services: View Running Workflows
Additional Services: View Workflows
Adopt Resource Pool: View
Advisory Definitions: Create and Delete
Advisory Definitions: Read
Allowed Origins: Manage
Allowed Origins: View
Alternate Admin Entity: View
AMQP Settings: Manage
AMQP Settings: View
API Explorer: View
API Tokens: Manage
API Tokens: Manage All
Catalog Content Source: Change Owner
Catalog Content Source: Delete
Catalog Content Source: Edit
Catalog Content Source: Sharing
Catalog Content Source: View
Catalog Content Source: View ACL
Catalog: Add vApp from My Cloud
Catalog: Change Owner
Catalog: Create / Delete a Catalog
Catalog: Edit Properties
Catalog: Import Media from vSphere
Catalog: Publish
Catalog: Shadow VM View
Catalog: Sharing
Catalog: VCSP Publish Subscribe
Catalog: VCSP Publish Subscribe Caching
Catalog: View ACL
Catalog: View Private and Shared Catalogs
Catalog: View Published Catalogs
Cell Configuration: Edit
Cell Configuration: View
Certificate Library: Manage
Certificate Library: View
Container App: Manage
Container App: Reconcile App
Container App: View
Content Library System Settings: Manage
Content Library System Settings: View
Custom entity: Create custom entity definitions
Custom entity: Delete custom entity definitions
Custom entity: Edit custom entity definitions
Custom entity: Manage any custom entity definition
Custom entity: View all custom entity instances in org
Custom entity: View any custom entity definition
Custom entity: View custom entity definitions
Custom entity: View custom entity instance
Datastore: Delete
Datastore: Edit
Datastore: Enable or Disable
Datastore: Open in vSphere
Datastore: View
Direct Org vDC Network: Manage
Distributed Virtual Switch: Open in vSphere
Edge Cluster: Manage
Edge Cluster: View
Extension Service API Definition: Manage
Extension Service API Definition: View
Extension Services: View
Extensions: View
External Service: Manage
External Service: View
General ACL: Manage
General ACL: View
General: Administrator Control
General: Administrator View
General: Send Notification
General: View Error Details
Global Role: Edit
Global Role: View
Group / User: Manage
Group / User: View
Host: Enable or Disable
Host: Manage
Host: Open in vSphere
Host: Prepare or Unprepare
Host: Repair
Host: Upgrade
Host: View
IP Spaces Default Gateway Services: Manage
IP Spaces: Allocate
Kerberos Settings: Manage
Kerberos Settings: View
LDAP Settings: Manage
LDAP Settings: View
License Report: View
Load Balancer Controller: Edit
Load Balancer Controller: View
Load Balancer Service Engine Group Assignment: Edit
Load Balancer Service Engine Group Assignment: View
Load Balancer Service Engine Group: Edit
Load Balancer Service Engine Group: View
Localization Resources: Manage
Metadata File Entry: Create/Modify
Network Pool: Create or Delete
Network Pool: Edit
Network Pool: Open in vSphere
Network Pool: Repair
Network Pool: View
NSX-T: Edit
NSX-T: View
Object Extensions: Manage
Object Extensions: View
OIDC Server: Enablement
OIDC Server: Manage
Organization Network: Create or Delete
Organization Network: Edit Properties
Organization Network: Open in vSphere
Organization Network: View
Organization Quotas: Manage
Organization vDC Compute Policy: Admin View
Organization vDC Compute Policy: Manage
Organization vDC Compute Policy: View
Organization vDC Disk: Edit IOPS
Organization vDC Disk: View IOPS
Organization vDC Distributed Firewall: Configure Rules
Organization vDC Distributed Firewall: Enable/Disable
Organization vDC Distributed Firewall: View Rules
Organization vDC Gateway: Configure BGP Routing
Organization vDC Gateway: Configure DHCP
Organization vDC Gateway: Configure DNS
Organization vDC Gateway: Configure ECMP Routing
Organization vDC Gateway: Configure Firewall
Organization vDC Gateway: Configure IPSec VPN
Organization vDC Gateway: Configure L2 VPN
Organization vDC Gateway: Configure Load Balancer
Organization vDC Gateway: Configure NAT
Organization vDC Gateway: Configure OSPF Routing
Organization vDC Gateway: Configure Remote Access
Organization vDC Gateway: Configure Route Advertisement
Organization vDC Gateway: Configure SLAAC Profile
Organization vDC Gateway: Configure SSL VPN
Organization vDC Gateway: Configure Static Routing
Organization vDC Gateway: Configure Syslog
Organization vDC Gateway: Configure System Logging
Organization vDC Gateway: Convert to Advanced Networking
Organization vDC Gateway: Create
Organization vDC Gateway: Delete
Organization vDC Gateway: Distributed Routing
Organization vDC Gateway: Import
Organization vDC Gateway: Modify Form Factor
Organization vDC Gateway: Update
Organization vDC Gateway: Update Properties
Organization vDC Gateway: Upgrade
Organization vDC Gateway: View
Organization vDC Gateway: View BGP Routing
Organization vDC Gateway: View DHCP
Organization vDC Gateway: View DNS
Organization vDC Gateway: View Firewall
Organization vDC Gateway: View IPSec VPN
Organization vDC Gateway: View L2 VPN
Organization vDC Gateway: View Load Balancer
Organization vDC Gateway: View NAT
Organization vDC Gateway: View OSPF Routing
Organization vDC Gateway: View Remote Access
Organization vDC Gateway: View Route Advertisement
Organization vDC Gateway: View SLAAC Profile
Organization vDC Gateway: View SSL VPN
Organization vDC Gateway: View Static Routing
Organization vDC Kubernetes Policy: Edit
Organization vDC Named Disk: Change Owner
Organization vDC Named Disk: Create
Organization vDC Named Disk: Delete
Organization vDC Named Disk: Edit Properties
Organization vDC Named Disk: Move
Organization vDC Named Disk: View Encryption Status
Organization vDC Named Disk: View Properties
Organization vDC Network: Edit Properties
Organization vDC Network: Import
Organization vDC Network: View
Organization vDC Resource Pool: Open in vSphere
Organization vDC Resource Pool: View
Organization vDC Shared Named Disk: Create
Organization vDC Storage Policy: Edit
Organization vDC Storage Policy: Enable or Disable
Organization vDC Storage Policy: Open in vSphere
Organization vDC Storage Policy: Remove
Organization vDC Storage Policy: View Capabilities
Organization vDC Storage Profile: Set Default
Organization vDC: Create
Organization vDC: Delete
Organization vDC: Edit ACL
Organization vDC: Enable or Disable
Organization vDC: Extended Edit
Organization vDC: Extended View
Organization vDC: Manage Firewall
✓ (Available in version 10.5.1 and later) Organization vDC: Migrate Storage
Organization vDC: Simple Edit
Organization vDC: User View
Organization vDC: View ACL
Organization vDC: View CPU and Memory Reservation
Organization VDC: view metrics
Organization vDC: VM-VM Affinity Edit
Organization: Activate or Deactivate
Organization: Create or Delete
Organization: Edit Association Settings
Organization: Edit Federation Settings
Organization: Edit LDAP Settings
Organization: Edit Leases Policy
Organization: Edit Limits
Organization: Edit Name
Organization: Edit OAuth Settings
Organization: Edit Password Policy
Organization: Edit Properties
Organization: Edit Quotas Policy
Organization: Edit SMTP Settings
Organization: Import User/Group from IdP while Editing VDC ACL
Organization: Migrate Tenant Storage
Organization: Perform Administrator Queries
✓ (Available in version 10.5.1 and later) Organization: Traversal
Organization: Use Provider LDAP as Tenant
Organization: View
Organization: View Association Settings
Organization: view metrics
Port Group: Open in vSphere
Preference: Manage preference definition
Private IP Spaces: Manage
Private IP Spaces: View
✓ (Available in version 10.5.1 and later) Provider Gateway BGP: Simple Manage
✓ (Available in version 10.5.1 and later) Provider Gateway BGP: Simple View
✓ (Available in version 10.5.1 and later) Provider Gateway Firewall: Manage
✓ (Available in version 10.5.1 and later) Provider Gateway Firewall: View
✓ (Available in version 10.5.1 and later) Provider Gateway NAT: Manage
✓ (Available in version 10.5.1 and later) Provider Gateway NAT: View
Provider Gateway Routing: Manage
Provider Gateway Routing: View
Provider Gateway: Simple View
Provider Network: Create or Delete
Provider Network: Edit
Provider Network: Open in vSphere
Provider Network: View
Provider vDC Compute Policy: Manage
Provider vDC Compute Policy: View
Provider vDC Resource Pool: Migrate VMs
Provider vDC Resource Pool: Open in vSphere
Provider vDC Resource Pool: View
Provider vDC Storage Policy: Edit
Provider vDC Storage Policy: Enable or Disable
Provider vDC Storage Policy: Open in vSphere
Provider vDC Storage Policy: Remove
Provider vDC Storage Policy: View
Provider vDC: Add Resource Pool
Provider vDC: Create or Delete
Provider vDC: Delete Resource Pool
Provider vDC: Edit
Provider vDC: Enable or Disable
Provider vDC: Enable or Disable Resource Pool
Provider vDC: Enable vSphere VXLAN
Provider vDC: Merge
Provider vDC: View
Public Endpoints: Manage
Quota Policy Capabilities: View
Quota Policy: Manage
Quota Policy: View
Reload VM: Manage
Replication Tracking VM: Manage
Resource Class Action: Manage
Resource Class Action: View
Resource Pool: Open
Resource Pool: Open in vSphere
Resource Pool: View
Right: Manage
Right: View
Rights Bundle: Edit
Rights Bundle: View
Role: Create, Edit, Delete, or Copy
SDDC: Manage
SDDC: Manage Proxy
SDDC: View
Security Tag Edit
Segment Profile Templates: Manage
Segment Profile Templates: View
Selector Extensions: Manage
Selector Extensions: View
Service Account: Manage
Service Account: Simple View
Service Account: View
Service Apps: Manage
Service Apps: View
Service Authorization: Manage
Service Configuration: Manage
Service Configuration: View
Service Library: Create service libraries
Service Library: Delete services from the service library
Service Library: Edit service metadata
Service Library: Edit the contents of a service
Service Library: View service libraries
Service Link: Manage
Service Link: View
Service Resource Type: Manage
Service Resource Type: View
Service Resource: Manage
Service Resource: View
Shared Org vDC Network: Manage
Site: Edit
Site: View
SSL Settings: View
SSL Settings: Manage
SSL: Test Connection
Stranded Item: Manage
Stranded Item: View
Supported Storage Entity Type: Manage
System IP Spaces: Manage
System IP Spaces: View
System Operations: Execute System Operations
System Organization: Manage
System Organization: View
System Settings: Manage
System Settings: View
System: Manage Proxy Rules
System: View Proxy Rules
Tanzu Kubernetes Guest Cluster: Administrator Full Control
Tanzu Kubernetes Guest Cluster: Administrator View
Tanzu Kubernetes Guest Cluster: Edit
Tanzu Kubernetes Guest Cluster: Full Control
Tanzu Kubernetes Guest Cluster: View
Task: Resume, Abort, or Fail
Task: Update
Task: View Tasks
Token: Manage
Token: Manage All
Truststore: Manage
Truststore: View
UI Plugins: Define, Upload, Modify, Delete, Associate or Disassociate
UI Plugins: View
UI Portal Branding: Manage
vApp Template / Media: Copy
vApp Template / Media: Create / Upload
vApp Template / Media: Edit
vApp Template / Media: View
vApp Template: Add to My Cloud
vApp Template: Change Owner
vApp Template: Download
vApp Template: Force storage lease expiration
vApp Template: Import
vApp Template: Open in vSphere
vApp: Allow All Extra Config
vApp: Allow Ethernet Coalescing Extra Config
vApp: Allow Latency Extra Config
vApp: Allow Matching Extra Config
vApp: Allow NUMA Node Affinity Extra Config
vApp: Change Owner
vApp: Copy
vApp: Create / Reconfigure
vApp: Delete
vApp: Download
vApp: Edit Properties
vApp: Edit VM Compute Policy
vApp: Edit VM CPU
vApp: Edit VM CPU and Memory reservation settings in all VDC types
vApp: Edit VM Hard Disk
vApp: Edit VM Memory
vApp: Edit VM Network
vApp: Edit VM Properties
vApp: Enter/Exit Maintenance Mode
vApp: Force runtime lease expiration
vApp: Force storage lease expiration
vApp: Import Options
vApp: Maintenance manage
vApp: Manage VM Password Settings
vApp: Open in vSphere
vApp: Power Operations
vApp: Shadow VM View
vApp: Sharing
vApp: Snapshot Operations
vApp: Upload
vApp: Use Console
vApp: View ACL
vApp: View VM and VM's Disks Encryption Status
vApp: View VM Metrics
vApp: VM Boot Options
vApp: VM Check Compliance
vApp: VM Migrate, Force Undeploy, Relocate, Consolidate
VAPP_VM_METADATA_TO_VCENTER
VCD Extension: Register, Unregister, Refresh, Associate or Disassociate
VCD Extension: View
vCenter: Attach or Detach
vCenter: Enable or Disable
vCenter: Open in vSphere
vCenter: Refresh
vCenter: View
vDC Group: Configure
vDC Group: Configure Logging
vDC Group: View
VDC Template: ACL manage
VDC Template: Extended View
VDC Template: Instantiate
VDC Template: Manage
VDC Template: View
vGPU Profile Consumption: View
vGPU Profile: Delete
vGPU Profile: Manage
vGPU Profile: View
VMC: Register SDDC
VMWARE:NATIVECLUSTER: Administrator Full Control
VMWARE:NATIVECLUSTER: Administrator View
VMWARE:NATIVECLUSTER: Edit
VMWARE:NATIVECLUSTER: Full Control
VMWARE:NATIVECLUSTER: View
vRealize Orchestrator: Publish and Unpublish Workflows to Tenants
vRealize Orchestrator: Register and Unregister vRealize Orchestrator Servers
vRealize Orchestrator: View RegisteredvRealize Orchestrator Servers
vSphere Server: Manage
vSphere Server: Manage Proxy
vSphere Server: Manage Proxy Configuration
vSphere Server: View