Service Role Design for VMware Aria Automation Service Broker for Private Cloud Automation for VMware Cloud Foundation

You manage access to VMware Aria Automation Service Broker in VMware Aria Automation by assigning enterprise groups to service roles in your organization.

VMware Aria Automation Service Broker has two service roles assigned from the corporate identity and access management. You assign the service roles to designated enterprise groups, synchronized from your corporate identity source through the clustered Workspace ONE Access deployment.

Table 1. Service Role Assignments for VMware Aria Automation Service Broker in VMware Aria Automation
Role	Description
Service Broker administrator	Read and write access to the VMware Aria Automation Service Broker user interface and API resources. Configure content sources and sharing, and customization. Configure policies. Project administrators must be granted the Service Broker Administrator role to perform customization to cloud template icons and forms. However, members of this role are also entitled to manage cloud accounts, cloud zones, and integrations created by a Assembler Administrator.
Service Broker user	Request services from projects.
Service Broker viewer	Read-only access to the VMware Aria Automation Service Broker user interface and API resources. Restricted from create, update, or delete operations.

For information about the service role design decisions for the VMware Aria Automation Service Broker service, see Identity Management Design for Private Cloud Automation for VMware Cloud Foundation.