Organization members are assigned organization roles and service roles. As an organization owner, you can change both types of role assignments for members of your organization.

Organization roles specify the privileges that an organization member has over organization assets. Service roles specify the privileges that an organization member has when accessing VMware Cloud Services that the organization uses. All service roles can be assigned and changed by a user with organization owner privileges, so restrictive role such as NSX Cloud Auditor should be assigned along with the role of organization member to prevent modification.

When multiple service roles are assigned to an organization user, permissions are granted for the most permissive role. For example, if the VMC on Dell EMC Cloud Auditor Role for NSX is selected along with the VMC on Dell EMC Cloud Admin Role for NSX, a user can delete SDDCs and clusters. Therefore, to ensure proper enforcement of the role, organization owners should select only VMC on Dell EMC Cloud Auditor Role for NSX.

Procedure

  1. On the VMware Cloud Services toolbar, click Identity & Access Management
  2. Select a user and click Edit Roles to open the Edit Roles page.
  3. To assign an organization role, select a role name from the Assign Organization Roles drop-down menu.
    For information about Organization Roles, see Organization Roles and Permissions in the VMware Cloud Services documentation.
  4. To assign a service role, select the VMware Cloud on Dell EMC service name under Assign Service Roles and select one or more VMC on Dell EMC service roles to assign.
    The following roles are available:
    Role Description
    VMC on Dell EMC - Administrator

    You must assign this role to access the VMware Cloud on Dell EMC services.

    		 This role has full cloud administrator rights to all service features in the VMware Cloud on Dell EMC console.
    VMC on Dell EMC Cloud Auditor Role for NSX This role can view NSX service settings and events but cannot make any changes to the service.
    VMC on Dell EMC Cloud Admin Role for NSX This role can perform all tasks related to deployment and administration of the NSX service.
    You must assign one of these roles to access the VMware NSX platform: VMC on Dell EMC Cloud Auditor Role for NSX or VMC on Dell EMC Cloud Admin Role for NSX.
  5. Click Save to save your changes.

What to do next

The changes to roles are saved, and take effect after users log out and log back in.