The CloudAdmin role and the CloudGlobalAdmin role are predefined in your cloud SDDC. When you log in VMware assigns you one of those roles on each object in the object hierarchy.


The CloudAdmin role has the necessary privileges for you to create and manage workloads on your SDDC. However, you cannot access or configuring the certain management components that are supported and managed by VMware, such as hosts, clusters, and management virtual machines.


The CloudGlobalAdmin role is associated with global privileges and allows you to create and manage content library objects and perform some other global tasks.

Understanding Authorization in vSphere in Managing the VMware Cloud on AWS Data Center has more information about roles and rights in the system.