As a system administrator or sub-provider administrator using the Tenant Portal, you can create global tenant roles and publish them to one or more VMware Cloud Director organizations that you manage. You can edit and delete existing global tenant roles. You can unpublish global tenant roles from individual organizations that you manage.
The system contains a set of predefined global tenant roles that are published to all organizations. See Predefined VMware Cloud Director Roles and Their Rights.
Create a Global Tenant Role in Your VMware Cloud Director
As a system administrator or sub-provider administrator using the Tenant Portal, you can create a global tenant role that you can publish to one or more of your tenant organizations.
After the initial VMware Cloud Director installation and setup, the system contains predefined global tenant roles that are published to all organizations. For information about the predefined roles, see Predefined VMware Cloud Director Roles and Their Rights.
You can add custom global roles to your system.
Procedure
Results
When you create a new global tenant role, it is available only to your organization.
What to do next
You can publish the newly created role to one or more organizations in your system. See Publish or Unpublish a Global Tenant Role to Your VMware Cloud Director.
Add a VMware Cloud Director Global Role by Copying a Role
As a system administrator or sub-provider administrator using the Tenant Portal, you can use an existing role as a template for the creation of a new global tenant role.
Prerequisites
Verify that you are logged in to a sub-provider organization as a system administrator, sub-provider administrator, or a role with equivalent set of rights.
Procedure
- From the primary left navigation panel, select Administration.
- From the secondary left panel, under Tenant Access Control, select Global Roles.
- Click Copy from Roles.
- Select the base role that you want to clone.
- Enter a name and description for the cloned role.
- (Optional) To edit the cloned rights, turn on the Modify Selected Rights toggle, and select or deselect the rights you want to change for the cloned role.
- Click Save.
Publish or Unpublish a Global Tenant Role to Your VMware Cloud Director
As a system administrator or sub-provider administrator using the Tenant Portal, you can publish a global tenant role to one or more VMware Cloud Director organizations in your system. After you publish a role to an organization, this role becomes a part of the organization set of tenant roles.
Prerequisites
- Verify that you are logged in as a system administrator, sub-provider administrator, or a role with equivalent set of rights.
- To unpublish a global tenant role from an organization, verify that no user is assigned with this role in the organization.
Procedure
- From the primary left navigation panel, select Administration.
- From the secondary left panel, under Tenant Access Control, select Global Roles.
- If you want to publish a role, select the radio button next to the target role, and click Publish.
- Turn on the Publish to Tenants toggle.
- Select the organizations to which you want to publish the role.
- If you want to publish the role to all existing and newly created organizations in your system, select Publish to All Tenants.
- If you want to publish the role to one or more organizations in your system, select the organizations individually.
- If you want to unpublish a role, select the radio button next to the target role, and click Publish.
- To unpublish the role from all organizations in your system, turn off the Publish to Tenants toggle.
- To unpublish the role from specific organizations in your system, turn off the Publish to All Tenants toggle, and deselect the organizations individually.
- Click Save.
Results
The published role is available in the selected organizations and can be assigned to users in these organizations. Organization administrators cannot edit global tenant roles that are published to their organizations.
The unpublished role is removed from the selected organizations and cannot be assigned to users in these organizations.
View and Edit a Global Tenant Role Using Your VMware Cloud Director
As a system administrator or sub-provider administrator using the Tenant Portal, you can view the rights that are included in a global tenant role. You can modify the name, the description, and the rights of a global tenant role.
Prerequisites
Procedure
Results
Delete a Global Tenant Role From Your VMware Cloud Director
As a system administrator or sub-provider administrator using the Tenant Portal, you can remove a global tenant role that you no longer use in your VMware Cloud Director organizations.
Prerequisites
- Verify that you are logged in as a system administrator, sub-provider administrator, or a role with equivalent set of rights.
- The global tenant role that you want to delete must not be assigned to any user across all organizations.
Procedure
- From the primary left navigation panel, select Administration.
- From the secondary left panel, under Tenant Access Control, select Global Roles.
- Select the radio button next to the target role and click Delete.
- To confirm the deletion, click Delete.