As identified in the Plan pillar of the Well Architected Framework, organizations should have all stakeholders, roles, and functions defined from the planning exercise. There should be a documented permissions model to implement once the SDDC is provisioned.

For example, if an organization has designated a network engineer or a group to manage all SDDC networking components, they may implement a CSP account that has the Org Member Role, permissions to the VMware Cloud on AWS service, and assign the VMware Cloud NSX Cloud Admin role.

Accounts can be easily created, modified, or removed either manually using the user interface or automated through APIs.