You can use vRealize Orchestrator to limit the personas that can view and interact with the workflows. Ideally, only the administrator interacts with workflows in vRealize Orchestrator. Delegated administrators and end users interact with the workflows through vSphere Web Client or vRealize Automation.

vRealize Orchestrator Plug-in for Horizon installs several workflows that are organized into directories in the vRealize Orchestrator user interface. The API access and Business logic folders are not meant to be modified because their contents form the building blocks of the other executable workflows. To prevent unauthorized customization of workflows, for certain folders, remove edit permissions for all users except the administrator, as a best practice.

Note: The suggested permission settings in this topic are required only if you want to hide the CoreModules folder and the configuration elements in the View folder from delegated administrators and end users.

In the Workflows view, you can set the following access rights:

  • On the root folder in the left pane, set the access rights so that delegated administrators have only View and Execute permissions.
  • On the Configuration folder and CoreModules folder, set the access rights so that delegated administrators have no permissions and cannot see the folders. This restriction overrides the permissions set at the root folder.
  • On the Business logic folder in the CoreModules folder, set the access rights so that delegated administrators have only View permissions.
  • On the API access folder in the CoreModules folder, set the access rights so that delegated administrators have only View permissions.
  • On the vSphereWebClient folder, set the access rights so that delegated administrators have only View permissions.

If you are unfamiliar with the procedure for setting access rights, see "Set User Permissions on a Workflow" in the vRealize Orchestrator documentation.

In the Configurations view, you can set the following access rights:

  • On the View folder, set the access rights so that delegated administrators have no permissions.
  • On all configuration elements inside the View folder, set the access rights so that delegated administrators have only View permissions.

If you are unfamiliar with the procedure for setting access rights, see "Create a Configuration Element" in the vRealize Orchestrator documentation.