Service Roles Design for VMware Aria Automation Assembler for Private Cloud Automation for VMware Cloud Foundation

You manage access to VMware Aria Automation Assembler by assigning enterprise groups to service roles in your organization.

VMware Aria Automation Assembler has three service roles assigned from identity and access management. You assign the service roles to designated enterprise groups, synchronized from your enterprise identity source through Workspace ONE Access.

Table 1. Service Role Assignments for VMware Aria Automation Assembler in VMware Aria Automation
Service Role	Description
Assembler administrator	Read and write access to the entire VMware Aria Automation Assembler user interface and API. Configure cloud accounts, integrations, cloud zones, and Kubernetes zones. Create and manage projects, including project membership.
Assembler user	Limited access to the VMware Aria Automation Assembler user interface and API. Access based on the project membership - project administrator or project members.
Assembler viewer	Read-only access to the VMware Aria Automation Assembler user interface and API. Restricted from create, update, or delete operations.

You can also define more granular custom roles and assign users to those roles. The custom roles have two categories, view and manage:

View: A user assigned to a role with this permission can see all the items for all projects in the selected sections of the user interface.
Manage: A user assigned to a role with this permission can see all the items and has full add, edit, and delete permissions for all projects in the selected sections of the user interface.

These permissions extend the privileges that are granted by the other roles and are not restricted by project membership.

For information about the service role design decisions for the VMware Aria Automation Assembler service, see Identity Management Design for Private Cloud Automation for VMware Cloud Foundation.