Users of VMware Cloud Services can have any of the following Organization roles in any Organization: Organization Member, Organization Administrator, or Organization Owner.

Organization roles and permissions

The level of permissions for each Organization varies:
  • The Organization Owner role has full administrative access to all resources in the Organization. Organization Owner users can also self-assign roles to themselves.
  • The Organization Administrator role has limited administrative access. Organization Administrator users can assign services roles to any organization role, but can manage only users, groups and OAuth apps that have roles with the same or lower administrative permissions.

    For example, an Organization Administrator user can grant or manage access for other users and groups who have the Organization Member or Organization Administrator role in the Organization, but cannot manage users, groups, or resources who are assigned the Organization Owner role.

  • The Organization Member role has read-only access to the Organization resources.
Here's what you need to know about the permissions of the three Organization roles in VMware Cloud Services. If a user is assigned roles that conflict with one another, they receive the role that has greater permissions.
Permission Organization Owner Organization Administrator Organization Member
Belong to one or more Organizations Check mark Check mark Check mark
Access one of your other Organizations Check mark Check mark Check mark
Specify the Organization that is displayed when you sign in. Check mark Check mark Check mark
View and modify the Organization settings. Check mark Check mark View only. Check mark View only.
Add/remove users in your Organization Check mark Check mark Only users who have Organization Member or Organization Administrator role .
Manage the service access and roles of users in your Organization. Check mark Check mark
Manage and view payment methods and billing. Check mark Check mark When the Billing Read-only check box is selected, this role provides read-only access to billing-related information and the option to generate usage consumption reports. Check mark When the Billing Read-only check box is selected, this role provides read-only access to billing-related information and the option to generate usage consumption reports.
Query the cloud service APIs for customer usage and data.

This permission is available for specific customer profiles only.

Check mark Check mark When the Managed Service Provider check box is selected. Check mark When the Managed Service Provider check box is selected.
Create and manage OAuth apps to authorize third-party apps to access protected resources. Check mark Check mark Only for OAuth apps created by users in the Organization. Check mark When the Developer check box is selected.
Access all audit data for your Organization in the associated vRealize Log Insight Cloud service instance for your Organization. Check mark Check mark When the Access Log Auditor check box is selected. Check mark When the Access Log Auditor check box is selected.
Create, modify and manage access to Projects and their resources. Check mark Check mark When the Project Administrator check box is selected. Check mark When the Project Administrator check box is selected.