To manage access to services provided by vRealize Automation, you assign global organization roles and service roles to the service account for communication from vRealize Operations Manager to vRealize Automation.

UI Procedure

  1. Log in to the vRealize Automation cloud services console at https://<vra_cluster_fqdn>/csp/gateway/portal with a user assigned the Cloud Assembly administrator service role.

  2. On the main navigation bar, click Identity and access management.

  3. On the Active users tab, select the service account for communication from vRealize Operations Manager to vRealize Automation and click Edit roles.

  4. From the Assign organization roles drop-down menu, select Organization owner.

  5. Click Add service access and from the drop-down menus, select Cloud Assembly and Cloud Assembly administrator.

  6. Click Save.

PowerShell Procedure

  1. Start Windows PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re1!"

$vraUser = "configadmin"
$vraPass = "VMw@re1!"
$serviceAccountEmail = "svc-vrops-vra@rainpole.io"

  3. Assign an organization role and a service role to the service account service account for communication from vRealize Operations Manager to vRealize Automation from the VMware Cloud Foundation Planning and Preparation Workbook.

    Add-vRAUser -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $vraUser -vraPass $vraPass -email $serviceAccountEmail -orgRole org_owner -serviceRole automationservice:cloud_admin