Your user role in Service Broker determines what you can see and do. Some roles are defined at the service organization level, and some are specific to Cloud Assembly.

User Roles

User roles are defined for the organization in the vRealize Automation Cloud console. There are two types of roles, organization roles and service roles.

The organization roles are global and apply to all services in the organization. A user is assigned an Organization owner or Organization Member role.

For more information about the organization, service, and custom roles, start with the cloud user roles.

The Service Broker service roles, which are service-specific permissions, are also assigned at the organization level in the console.

Service Broker Service Roles

The Service Broker service roles determine what you can see and do in Service Broker. These service roles are defined in the console by an organization owner.

Table 1. Service Broker Service Role Descriptions
Role Description
Service Broker Administrator Must have read and write access to the entire user interface and API resources. This is the only user role that can perform all tasks, including creating a new project and assigning a project administrator.
Service Broker User Any user who does not have the Service Broker Administrator role.

In a Service Broker project, the administrator adds users to projects as project members, administrators, or viewers. The administrator can also add a project administrator.

Service Broker Viewer A user who has read access to see information but cannot create, update, or delete values.

Users with the viewer role can see all the information that is available to the administrator. They cannot take any action unless you make them a project administrator or a project member. If the user is affiliated with a project, they have the permissions related to the role. The project viewer would not extend their permissions the way that the administrator or member role does.

In addition to the service roles, Service Broker has project roles. Any project is available in all of the services.

The project roles are defined in Service Broker and can vary between projects.

In the following tables, which tells you what the different service and project roles can see and do, remember that the service administrators have full permission on all areas of the user interface.

Use the following descriptions of project roles will help you as you decide what permissions to give your users.

  • Project administrators leverage the infrastructure that is created by the service administrator to ensure that their project members have the resources they need for their development work.
  • Project members work within their projects to design and deploy cloud templates.
  • Project viewers are restricted to read-only access.
Table 2. Service Broker Service Roles and Project Roles
UI Context Task Service Broker Administrator Service Broker Viewer Service Broker User

User must be a project administrator to see and do project-related tasks.

Project Administrator Project Member Project Viewer
Access Service Broker
Console In the console, you can see and open Service Broker Yes Yes Yes Yes Yes
Infrastructure
See and open the Infrastructure tab Yes Yes
Configure - Projects Create projects Yes
Update, or delete values from project summary, provisioning, Kubernetes, integrations, and test project configurations. Yes
Add users and groups, and assign roles in projects. Yes Yes. Your projects.
View projects Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Configure - Cloud Zones Create, update, or delete cloud zones Yes
View cloud zones Yes Yes
Configure - Kubernetes Zones Create, update, or delete Kubernetes zones Yes
View Kubernetes zones Yes Yes
Connections - Cloud Accounts Create, update, or delete cloud accounts Yes
View cloud accounts Yes Yes
Connections - Integrations Create, update, or delete integrations Yes
View integrations Yes Yes
Connections - Cloud Proxies Create, update, or delete cloud proxies Yes
View cloud proxies Yes Yes
Activity - Requests Delete deployment request records Yes
View deployment request records Yes
Activity - Event Logs View event logs Yes
Content and Policies
See and open the Content and Policies tab Yes Yes
Content Sources Create, update, or delete content sources Yes
View content sources Yes Yes
Content Sharing Add or remove shared content Yes
View shared content Yes Yes
Content Customize form and configure item Yes
View content Yes Yes
Policies - Definitions Create, update, or delete policy definitions Yes
View policy definitions Yes Yes
Policies - Enforcement View enforcement log Yes Yes
Catalog
See and open the Catalog tab Yes Yes Yes Yes Yes
View available catalog items Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Request a catalog item Yes Yes. Your projects Yes. Your projects
Deployments
See and open the Deployments tab Yes Yes Yes. Yes Yes

View deployments, including deployment details, deployment history, price, monitor, alerts, optimize, and troubleshooting information

Yes Yes Yes. Your projects Yes. Your projects Yes. Your projects
Manage alerts Yes Yes. Your projects Yes. Your projects
Run day 2 actions on deployments based on policies Yes Yes. Your projects Yes. Your projects
Approvals
See and open the Approvals tab Yes Yes Yes Yes Yes
Respond to approval requests Yes Service Broker user role only Service Broker user role only Service Broker user role only