As an organization administrator, you can use VMware Tanzu Mission Control to view the built-in and custom roles that can be used in your access policies, as well as the individual permissions that are included in these roles.

Tanzu Mission Control provides a set of roles that you can use in your organization's access policies, and you can create your own access roles using a set of focused permissions. You can view these roles and permissions through the Roles tab on the Administration page of the Tanzu Mission Control console.


Make sure you have the appropriate permissions.
  • To view the roles in your organization and their included permissions, you must be associated with a .admin role.
  • To view the complete set of individual permission primitives that are available to be included in custom roles, you must be associated with the organization.admin role for the organization.

Log in to the Tanzu Mission Control console, and then go to the Administration page.


  1. On the Administration page in the Tanzu Mission Control console, click the Roles tab.
    The Roles tab shows a table that contains the built-in roles and the custom roles that have been defined for your organization.
    • To filter what appears in the table, you can click the filter icon in the name column.
    • To see only the custom roles, you can click the Hide Tanzu built-in roles toggle.
  2. To see the definition for a role, click the name of the role in the table.
    The role detail page shows the permissions that are included in the role, any Kubernetes RBAC rules that are defined for it, and the visibility of the role.
  3. To see a complete list of the permissions that you can use to define a role, click Create Custom Role.
    The Create page shows a table of permissions, which you can sort and filter if necessary.