You assign roles to enterprise groups and give them access to the organization's services. You can assign roles to more than one enterprise group at a time, and also view the members in the selected group.

The members of the group you assign can hold several roles:

  • A role within the organization - organization owner or organization member. To see the privileges assigned to each of these roles, see Managing Users and Permissions.

  • A role within the cloud service to which you are inviting the group. Each cloud service has its own specific roles. For more information, refer to the documentation of the relevant VMware Cloud service.

  • Depending on your customer profile, you might also view the Managed Service Provider role which allows members to query the cloud service APIs for customer usage and data. If you assign this role to members of a tenant organization, they will have access to all the data within the organization.


  1. On the VMware Cloud Service Console, select Identity & Access Management > Enterprise Groups.
  2. Select the group for which you want to assign roles, and click Assign Roles.
  3. Search for the enterprise groups to which you want to assign roles.

    You can see the list of members in the group by clicking the group name, and entering a name string.

  4. Assign the group an organization role.

    Refer to the link above to see the permissions of each role.

  5. Select a service, and then assign the group one or more roles in the service.

    The service default role appears. Click the role to select a different role.

  6. To give the group access to another service, click Add Service, and assign a role.
  7. Click Assign.

    Users with the organization owner and support user roles are automatically sent an email. To send an email to users with the organization member role, select the check box.