When users join your Organization, they receive Organization and service roles access granted directly by an Organization Owner or they inherit them as members of groups. As an Organization Owner, you can view and edit user roles from the Cloud Services Console.

Here's what you need to know about editing the roles of users.
  • Users can hold a combination of roles - the roles assigned to them directly and the roles inherited from a group. For example, a direct role assignment for support user and some group-inherited roles such as developer and VMware Cloud on AWS administrator.
  • When a user is assigned roles that conflict with one another, they receive the role that has greater permissions. For example, if a user is assigned a read-only role and an administrator role, they receive the administrator role.


  1. On the Cloud Services Console toolbar, click the VMware Cloud Services icon and select Identity & Access Management > Active Users.
  2. Click the double arrow icon (Double arrow icon) next to a user's name to view their roles and if they are part of groups.
    Changes you make to the user's role might override their group-assigned roles.
  3. Select the check box next to a user and click Edit Roles.
  4. Change the user's Organization roles and service roles as required.
  5. Click Save.