This topic describes the types of VMware Tanzu Application Service for VMs (TAS for VMs) users. It also describes the roles and permissions for TAS for VMs users and who creates and manages their user accounts.
TAS for VMs users are app developers, managers, and auditors who work within orgs and spaces, the virtual compartments within a deployment where TAS for VMs users can run apps and locally manage their roles and permissions.
A Role-Based Access Control (RBAC) system defines and maintains the different TAS for VMs user roles:
For more information about TAS for VMs user roles and what actions they can take within the orgs and spaces they belong to, see Orgs, Roles, Spaces, Permissions.
All TAS for VMs users use system tools such as the Cloud Foundry Command Line Interface (cf CLI), Ops Manager Metrics, and Apps Manager, a dashboard for managing TAS for VMs users, orgs, spaces, and apps. Space Developer TAS for VMs users work with their software development tools and the apps deployed on host VMs.
For more information about Apps Manager, see Using Apps Manager.
When an operator configures TAS for VMs for the first time, they specify one of the following authentication systems for TAS for VMs user accounts:
- Internal authentication, using a new UAA database created for TAS for VMs. This system-wide UAA differs from the Ops Manager internal UAA, which only stores Ops Manager Admin accounts.
- External authentication, through an existing identity provider accessed through the SAML or LDAP protocol.
In either case, TAS for VMs user role settings are saved internally in the Cloud Controller Database, separate from the internal or external user store.
Org and Space Managers then use Apps Manager to invite and manage additional TAS for VMs users within their orgs and spaces. TAS for VMs users with proper permissions can also use the cf CLI to assign user roles. For more information, see Managing User Roles with Apps Manager.
The table below summarizes TAS for VMs user types, their roles, the tools they use, the System of Record (SOR) that stores their accounts, and what accounts they can provision.
|User Type|Available Roles|Tools They Use|Account SOR|Accounts They Can Provision|
|---|---|---|---|---|
|TAS for VMs Users| | |TAS for VMs user store through UAA; external store through SAML or LDAP|TAS for VMs users within permitted orgs and spaces, and end users of the app|