To manage access to services provided by VMware Aria Automation, assign organization roles and service roles to Active Directory security groups.

You assign organization and service roles to the groups that you synchronized for VMware Aria Automation from the Identity Provider into Workspace ONE Access.

Table 1. Active Directory Security Groups and Roles for VMware Aria Automation

| Group Description | Organization Role | Service Role |
|---|---|---|
| Organization owners | Organization Owner | None |
| VMware Aria Automation Assembler administrators | Organization Member | Assembler administrator |
| VMware Aria Automation Assembler users | Organization Member | Assembler user |
| VMware Aria Automation Assembler viewers | Organization Member | Assembler viewer |
| VMware Aria Automation Service Broker administrators | Organization Member | Service Broker administrator |
| VMware Aria Automation Service Broker users | Organization Member | Service Broker user |
| VMware Aria Automation Service Broker viewers | Organization Member | Service Broker viewer |
| VMware Aria Automation Orchestrator administrators | Organization Member | Orchestrator administrator |
| VMware Aria Automation Orchestrator workflow designers | Organization Member | Orchestrator workflow designer |
| VMware Aria Automation Orchestrator viewers | Organization Member | Orchestrator viewers |

UI Procedure

  1. Log in to the VMware Aria Automation cloud services console at https://<aria_automation_cluster_fqdn>/csp/gateway/portal as configadmin in the system domain.
  2. In the left navigation pane, click Identity and access management > Enterprise groups.

  3. On the Enterprise groups page, click Assign roles.

  4. On the Enterprise Group Role Assignment page, assign an organization role and a service role to each of your Active Directory security groups from the VMware Cloud Foundation Planning and Preparation Workbook.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    
    $configUser = "configadmin"
    $configPass = "VMw@re1!"
    
    $orgOwner = "[email protected]"
    $assemblerAdmins = "[email protected]"
    $assemblerUsers = "[email protected]"
    $assemblerViewers = "[email protected]"
    $serviceBrokerAdmins = "[email protected]"
    $serviceBrokerUsers = "[email protected]"
    $serviceBrokerViewers = "[email protected]"
    $orchestratorAdmins = "[email protected]"
    $orchestratorDesigners = "[email protected]"
    $orchestratorViewers = "[email protected]"

  3. Assign an organization role and a service role to each of your Active Directory security groups from the VMware Cloud Foundation Planning and Preparation Workbook.

    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orgOwner -orgRole org_owner
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $assemblerAdmins -orgRole org_member -serviceRole automationservice:cloud_admin
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $assemblerUsers -orgRole org_member -serviceRole automationservice:user
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $assemblerViewers -orgRole org_member -serviceRole automationservice:viewer
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $serviceBrokerAdmins -orgRole org_member -serviceRole catalog:admin
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $serviceBrokerUsers -orgRole org_member -serviceRole catalog:user
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $serviceBrokerViewers -orgRole org_member -serviceRole catalog:viewer
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orchestratorAdmins -orgRole org_member -serviceRole orchestration:admin
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orchestratorDesigners -orgRole org_member -serviceRole orchestration:designer
    
    Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orchestratorViewers -orgRole org_member -serviceRole orchestration:viewer
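
The same assignments driven from one table that is checked against Table 1 before anything is applied, with the passwords prompted for at run time. This is an added example, not part of the original procedure: the group names, `$plan` and `Test-RolePlan` are illustrative assumptions, and the module that provides `Add-vRAGroup` is assumed to be already imported.

```powershell
# Service role identifiers as used in the Add-vRAGroup commands on this page.
$allowedServiceRoles = @(
    'automationservice:cloud_admin', 'automationservice:user', 'automationservice:viewer',
    'catalog:admin', 'catalog:user', 'catalog:viewer',
    'orchestration:admin', 'orchestration:designer', 'orchestration:viewer'
)
# Constructed sample plan; replace the group names with values from your workbook.
$plan = @(
    @{ Group = 'example-org-owners@example.test';       OrgRole = 'org_owner';  ServiceRole = $null }
    @{ Group = 'example-assembler-admins@example.test'; OrgRole = 'org_member'; ServiceRole = 'automationservice:cloud_admin' }
    @{ Group = 'example-broker-viewers@example.test';   OrgRole = 'org_member'; ServiceRole = 'catalog:viewer' }
)

# Hypothetical helper: returns one message per row that deviates from Table 1.
function Test-RolePlan {
    param([object[]]$Plan, [string[]]$AllowedServiceRoles)
    $errors = @()
    foreach ($dup in ($Plan | Group-Object { $_.Group } | Where-Object Count -gt 1)) {
        $errors += "Group listed more than once: $($dup.Name)"
    }
    foreach ($row in $Plan) {
        if ($row.OrgRole -eq 'org_owner' -and $row.ServiceRole) {
            $errors += "$($row.Group): Table 1 gives the Organization Owner group no service role"
        } elseif ($row.OrgRole -eq 'org_member' -and $row.ServiceRole -notin $AllowedServiceRoles) {
            $errors += "$($row.Group): service role '$($row.ServiceRole)' is not in Table 1"
        } elseif ($row.OrgRole -notin 'org_owner', 'org_member') {
            $errors += "$($row.Group): unknown organization role '$($row.OrgRole)'"
        }
    }
    return $errors
}

$problems = Test-RolePlan -Plan $plan -AllowedServiceRoles $allowedServiceRoles
if ($problems) { throw ($problems -join "`n") }   # stop before any role is assigned

# Prompt for the passwords instead of storing them in the script.
$sddcCred = Get-Credential -Message 'SDDC Manager account'
$vraCred  = Get-Credential -UserName 'configadmin' -Message 'Aria Automation account'
$common = @{
    server  = 'sfo-vcf01.sfo.rainpole.io'   # sample FQDN from this page
    user    = $sddcCred.UserName
    pass    = $sddcCred.GetNetworkCredential().Password
    vraUser = $vraCred.UserName
    vraPass = $vraCred.GetNetworkCredential().Password
}
foreach ($row in $plan) {
    $roles = @{ displayName = $row.Group; orgRole = $row.OrgRole }
    if ($row.ServiceRole) { $roles.serviceRole = $row.ServiceRole }
    Add-vRAGroup @common @roles
}
```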