A role associates a role name with a set of rights. A newly created organization includes a set of predefined roles and rights inherited from the system. A system administrator can use the vCloud Director Web Console or the vCloud API to create or update role objects in any organization in the system. Organization administrators can use the vCloud API to create or update role objects in organizations they administer.
vCloud Director uses roles and their associated rights to determine whether a user or group is authorized to perform an operation. Many of the procedures documented in the vCloud Director Administrator's Guide, vCloud Director User's Guide, and vCloud API Programming Guide for Service Providers include a prerequisite role. These prerequisites assume that the named role is the unmodified predefined role or a role that includes an equivalent set of rights.
When you create or import a user or import a group, you must assign it a role.
Roles and Rights in an Organization