To manage access to services provided by VMware Aria Automation, assign organization roles and service roles to Active Directory security groups.
Group Description |
Organization Role |
Service Role |
---|---|---|
Organization owners |
Organization Owner |
None |
VMware Aria Automation Assembler administrators |
Organization Member |
Assembler administrator |
VMware Aria Automation Assembler users |
Organization Member |
Assembler user |
VMware Aria Automation Assembler viewers |
Organization Member |
Assembler viewer |
VMware Aria Automation Service Brokeradministrators |
Organization Member |
Service Broker administrator |
VMware Aria Automation Service Broker users |
Organization Member |
Service Broker user |
VMware Aria Automation Service Broker viewers |
Organization Member |
Service Broker viewer |
VMware Aria Automation Orchestrator administrators |
Organization Member |
Orchestrator administrator |
VMware Aria Automation Orchestrator workflow designers |
Organization Member |
Orchestrator workflow designer |
VMware Aria Automation Orchestrator viewers |
Organization Member |
Orchestrator viewers |
UI Procedure
- Log in to the VMware Aria Automation cloud services console at https://<aria_automation_cluster_fqdn>/csp/gateway/portal as configadmin in the system domain.
In the left navigation pane, click
.On the Enterprise groups page, click Assign roles.
On the Enterprise Group Role Assignment page assign an organization role and a service role to each of your Active Directory security groups from the VMware Cloud Foundation Planning and Preparation Workbook.
PowerShell Procedure
Start PowerShell.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" $sddcManagerUser = "[email protected]" $sddcManagerPass = "VMw@re1!" $configUser = "configadmin" $configPass = "VMw@re1!" $orgOwner = "[email protected]" $assemblerAdmins = "[email protected]" $assemblerUsers = "[email protected]" $assemblerViewers = "[email protected]" $serviceBrokerAdmins = "[email protected]" $serviceBrokerUsers = "[email protected]" $serviceBrokerViewers = "[email protected]" $orchestratorAdmins = "[email protected]" $orchestratorDesigners = "[email protected]" $orchestratorViewers = "[email protected]"
Assign an organization role and a service role to each of your Active Directory security groups from the VMware Cloud Foundation Planning and Preparation Workbook.
Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orgOwner -orgRole org_owner Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $assemblerAdmins -orgRole org_member -serviceRole automationservice:cloud_admin Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $assemblerUsers -orgRole org_member -serviceRole automationservice:user Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $assemblerViewers -orgRole org_member -serviceRole automationservice:viewer Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $serviceBrokerAdmins -orgRole org_member -serviceRole catalog:admin Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $serviceBrokerUsers -orgRole org_member -serviceRole catalog:user Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $serviceBrokerViewers -orgRole org_member -serviceRole catalog:viewer Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orchestratorAdmins -orgRole org_member -serviceRole orchestration:admin Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orchestratorDesigners -orgRole org_member -serviceRole orchestration:designer Add-vRAGroup -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -vraUser $configUser -vraPass $configPass -displayName $orchestratorViewers -orgRole org_member -serviceRole orchestration:viewer