As an organization owner, you invite users to your organization and give them role-based access to the organization's resources. You can view your list of tenants and users, and edit their roles.

Roles are collections of permissions that bind to organization's resources for specific users. Permissions are actions on a certain organization. The association between a role, a user, and organization is defined as a binding. For example, you assign the Provider Admin role to the service provider on a tenant organization.

In the VMware Cloud Provider Hub, organization roles are hierarchical. For example, if you are assigned the Provider Administrator role in the master organization, you keep this role in all tenant organizations in that master organization.

When you provide access to one or more of the VMware Cloud services of the organization, you grant users access to the cloud service according to the roles each cloud service provides. For more information, see to the documentation of the relevant VMware Cloud service.

When you invite users to your organizations, you assign role-based access. The following table lists the actions each role performs in the organization.

Table 1. Roles available for service provider's users.

Actions you can perform with the role

Provider Administrator role

Provider Operations Administrator role

Provider Billing User role

Provider Support User role

Provider Account Administrator role

Create and edit service provider's users and their roles.

Create and edit tenant's users and their roles.

Create and edit tenant organizations.

Provision services for tenants.

Grant access for a service to a tenant.

View aggregated and individual tenant usage, and billing.

View, create, edit, and delete support tickets for service provider organizations and tenant organizations.

View and manage operations, services, billing, and support for specific tenants.


The Provider Account Administrator role allows managing only the tenants that the user has permissions to access. If you combine this role with the Provider Administrator role, that has unrestricted access, the user cannot access all tenants in the organization, but only tenants that are accessible as a result of being Provider Account Administrator.

Table 2. Roles available for tenant's users.

Actions that you can perform with the role

Tenant Admin role

Tenant User role

Tenant Billing User role

Create and edit tenant's users and their roles.

Grant access for a service to the tenant's user.

Use the services to which you already have access granted by the Tenant Admin.

Vew the usage of the provisioned services.