Here is how to manage you user roles with Apps Manager in VMware Tanzu Application Service for VMs (TAS for VMs).

Important The procedures described here are not compatible with using SAML or LDAP for user identity management. To create and manage user accounts in a SAML or LDAP-enabled Operations Manager deployment, see Adding existing SAML or LDAP users to an Operations Manager deployment.

Overview

Operations Manager uses role-based access control, with each role granting the permissions in either an org or an app space.

You can assign one or more roles to a user account. The combination of these roles defines the actions a user can perform in an org and within specific app spaces in that org. For information about the actions that each role allows, see Orgs, spaces, roles, and permissions. For example, to assign roles to user accounts in a space, you must have Space Manager role assigned to the user in that space.

You can also edit the permissions for existing users by adding or removing the roles associated with the user account. User roles are assigned on a per-space basis, so you must edit the user account for each space that you want to change.

Admins, Org Managers, and Space Managers can assign user roles with Apps Manager or with the Cloud Foundry Command Line Interface (cf CLI). For more information, see Users and roles in Getting Started with the cf CLI.

You can manage user roles across multiple foundations. For more information, see Configuring multi-foundation support in Apps Manager.

Manage org roles

Valid org roles are Organization Manager and Organization Auditor.

To grant or revoke org roles:

  1. Go to the Home page.

  2. Select an org.

  3. In the panel on the left side of the screen, click Members. Edit the roles assigned to each user by selecting or deselecting the check boxes under each user role. Apps Manager saves your changes automatically.

  4. The Members panel displays all members of the org. Select a check box to grant an org role to a user, or deselect a check box to revoke a role from a user.

Manage app space roles

Valid app space roles are Space Manager, Space Developer, and Space Auditor.

To grant or revoke app space roles:

  1. Go to the page for a space.

  2. In the panel on the left side of the screen, click Members. The Members panel displays all members of the space.

  3. Select a check box to grant an app space role to a user, or deselect a check box to revoke a role from a user.

    • Space Managers can invite and manage users and enable features for a space. Assign this role to managers or other users who need to administer the account.
    • Space Developers can create, delete, and manage apps and services, and have full access to all usage reports and logs. Space Developers can also edit apps, including the number of instances and memory footprint. Assign this role to app developers or other users who need to interact with apps and services.
    • Space Auditors have view-only access to all space information, settings, reports, and logs. Assign this role to users who need to view but not edit the app space.

Invite new users

NoteThe Enable invitations check box in the Apps Manager pane of the TAS for VMs tile must be selected to invite new users.

To invite new users to an org:

  1. Go to the org page.

  2. In the panel on the left side of the screen, click Members.

  3. Click Invite New Members. The Invite New Team Member(s) form appears.

  4. In the Add Email Addresses text box, enter the email addresses of the users that you want to invite. Enter multiple email addresses as a comma-separated list.

  5. The Assign Org Roles and Assign Space Roles tables list the current org and available spaces with check boxes corresponding to each possible user role. Select the check boxes that correspond to the permissions that you want to grant to the invited users.

  6. Click Send Invite. The Apps Manager sends an email containing an invitation link to each email address that you specified.

Remove a user from an org

Removing a user from org also removes them from all spaces in the org.

To remove a user from the org:

  1. Go to the org page.

  2. In the panel on the left side of the screen, click Members.

  3. Locate the user account that you want to remove.

  4. Under the user’s email address, click the Remove User link. A warning dialog box appears.

  5. Click Remove to confirm user account deletion from the org.

Remove a user from a space

To remove a user from a space:

  1. Go to the page for a space.

  2. In the panel on the left side of the screen, click Members. The Members panel displays all members of the space.

  3. Locate the user account that you want to remove.

  4. Under the user’s email address, click the Remove User link. A warning dialog box appears.

  5. Click Remove to confirm user account deletion from the space.

check-circle-line exclamation-circle-line close-line
Scroll to top icon