Here are the types of VMware Tanzu Application Service for VMs (TAS for VMs) users, the roles and permissions for TAS for VMs users, and who creates and manages user accounts.
TAS for VMs users are app developers, managers, and auditors who work within orgs and spaces. Orgs and spaces are virtual compartments within a deployment where TAS for VMs users can run apps and locally manage their roles and permissions.
A Role-Based Access Control (RBAC) system defines and maintains the different TAS for VMs user roles.
For more information about TAS for VMs user roles and what actions users with these roles can take within the orgs and spaces they belong to, see Orgs, roles, spaces, permissions.
All TAS for VMs users use system tools such as the Cloud Foundry Command Line Interface (cf CLI), Operations Manager Metrics, and Apps Manager, a dashboard for managing TAS for VMs users, orgs, spaces, and apps. Space Developer TAS for VMs users work with their software development tools and the apps deployed on host VMs.
For more information about Apps Manager, see Using Apps Manager.
When an operator configures TAS for VMs for the first time, they specify one of the following authentication systems for TAS for VMs user accounts:
Internal authentication, using a new UAA database created for TAS for VMs. This system-wide UAA differs from the Tanzu Operations Manager internal UAA, which only stores Tanzu Operations Manager Admin accounts.
External authentication, through an existing identity provider accessed through the SAML or LDAP protocol.
In either case, TAS for VMs user role settings are saved internally in the Cloud Controller Database, separate from the internal or external user store.
Org and Space Managers then use Apps Manager to invite and manage additional TAS for VMs users within their orgs and spaces. TAS for VMs users with proper permissions can also use the cf CLI to assign user roles. For more information, see Managing User Roles with Apps Manager.
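Because role settings live in the Cloud Controller Database while accounts live in UAA or an external SAML or LDAP store, an access review has to join the two. The following is an added example, not part of the VMware documentation: it performs that join over constructed sample data shaped like Cloud Foundry v3 API `/v3/roles` and `/v3/users` responses. The function names, GUIDs, and usernames are assumptions made for illustration.

```python
import json

# Constructed sample data shaped like Cloud Foundry v3 API responses
# (GET /v3/roles, GET /v3/users). All GUIDs and usernames are made up.
def role_record(rtype, user, org=None, space=None):
    rel = {"user": {"data": {"guid": user}},
           "organization": {"data": {"guid": org} if org else None},
           "space": {"data": {"guid": space} if space else None}}
    return {"type": rtype, "relationships": rel}

SAMPLE_ROLES = {"resources": [
    role_record("organization_manager", "u1", org="org-a"),
    role_record("space_developer", "u2", space="space-1"),
    role_record("space_manager", "u3", space="space-1"),
    role_record("space_auditor", "u4", space="space-2"),
]}
SAMPLE_USERS = {"resources": [
    {"guid": "u1", "username": "alice", "origin": "uaa"},
    {"guid": "u2", "username": "bob", "origin": "ldap"},
    {"guid": "u3", "username": "carol", "origin": "ldap"},
    # u4 holds a role but has no user record in this constructed sample
]}

MANAGER_ROLES = {"organization_manager", "space_manager"}

def audit_roles(roles, users):
    """Join role bindings to user records.

    Returns (managers, unmatched): manager-role holders with their
    authentication origin, and role bindings whose user GUID has no
    user record or no resolvable username.
    """
    by_guid = {u["guid"]: u for u in users["resources"]}
    managers, unmatched = [], []
    for role in roles["resources"]:
        rel = role["relationships"]
        guid = rel["user"]["data"]["guid"]
        # An org-scoped role has no space, and a space-scoped role has no org
        scope = rel["organization"]["data"] or rel["space"]["data"]
        user = by_guid.get(guid)
        if user is None or user.get("username") is None:
            unmatched.append((guid, role["type"], scope["guid"]))
        elif role["type"] in MANAGER_ROLES:
            managers.append((user["username"], user["origin"],
                             role["type"], scope["guid"]))
    return managers, unmatched

if __name__ == "__main__":
    managers, unmatched = audit_roles(SAMPLE_ROLES, SAMPLE_USERS)
    print(json.dumps({"managers": managers, "unmatched": unmatched}, indent=2))
```

The `managers` list shows who can invite and manage other users and which identity source authenticates them. The `unmatched` list shows role bindings that need a closer look during a review.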
The following table summarizes TAS for VMs user types, their roles, the tools they use, the System of Record (SOR) that stores their accounts, and what accounts they can provision.
User type | TAS for VMs users |
---|---|
Available roles | |
Tools they use | |
Account SOR | TAS for VMs user store through UAA, or external store through SAML or LDAP |
Accounts they can provision | TAS for VMs users within permitted orgs and spaces, and end users of the app |