SDDC Manager uses roles, and their associated rights, to determine which users and groups can perform which operations using the SDDC Manager client.

About this task

System administrators assign roles to users and groups using the Permissions area of the User Management page. The ability to perform operations is granted by the rights associated with the role that is assigned to the user or group.


Verify the user or group is present and enabled for access in the management domain's identity sources. Only such users and groups can be assigned permissions to access the SDDC Manager client. See Active Directory and the Cloud Foundation Environment, Configure an Active Directory Domain as an Identity Source for your Cloud Foundation Environment, and Add Local Users and Groups.


  1. In the SDDC Manager client, navigate to User Management > Users & Groups.
  2. Click Add User/Group.

    The window displays fields to select users and groups that are known to SDDC Manager.

  3. Select User or Group according to which type you are assigning permissions.
  4. Select the domain that the user or group belongs to.
  5. Use the filter field to display a list of users or groups.
    • To display users or groups that match a set of characters, type those characters in the filter field and press Enter on your keyboard.

    • To display all users or all groups, set your cursor in the filter field and press Enter on your keyboard.

    A list of matching users or groups appears, according to your selections.

  6. For each user or group, assign a role to the user or group.

    Each role grants set of associated rights. The rights determine what operations can be performed using the SDDC Manager client. When you assign a role to a user or group, that user or group is granted that role's associated rights.

  7. Click Save to save the changes.


The users and groups to which you assigned a role now have permissions to perform the operations governed by their assigned roles.