After you create a delegated administrators group and assign it permission to perform actions on vCenter extensions, you can give the group permission to view and execute workflows in Orchestrator.
If you have been using vRealize Orchestrator and have already created users and groups that have permission to view, inspect, and execute vCenter extensions, you might not need to perform the procedure described in this topic.
Verify that you have administrator credentials for the Orchestrator server. The account must be a member of the vRealize Orchestrator Admin group configured to authenticate through vCenter Single Sign-On.
Verify that you have created a delegated administrators group and assigned a role that has Extensions permissions in vCenter. See Create a Delegated Administrator Role Using vSphere Web Client.
- Log in to Orchestrator as an administrator, and select Design from the drop-down menu in the upper-left portion of the screen.
- Right-click the root directory in the left pane and select Edit access rights.
- In the Edit Access Rights dialog box, click Add access rights.
- In the Chooser dialog box, in the Filter text box, type the first few letters of the name of the delegated administrators group, and when the group name appears in the list, select the group.
- Select the View check box, deselect any other check boxes, and click Select.
The group is added to the list in the Edit Access Rights dialog box.
- Click Save and close.
The group is added on the Permissions tab, and in the Rights column, you see that the group has View permissions.
- Expand the library in the left pane and right-click the Horizon folder.
- Select Edit access rights from the context menu, and click Add access rights.
- Type the name of the delegated administrators group in the Filter text box, select the group in the list, and select the View, Inspect, and Execute check boxes.
- Click Select in the Chooser dialog box, and click Save and close in the Edit Access Rights dialog box.
The group is added on the Permissions tab and in the Rights column, you see that the group has View, Inspect, and Execute permissions.
What to do next
Assign the delegated administrators group to specific desktop and application pools. See Assign Delegated Administrators to Pools.