Users of Tanzu Platform cloud services can have any of the following Organization roles in any Organization: Organization Member, Organization Administrator, or Organization Owner.
The level of permissions for each Organization role varies:
The Organization Administrator role has limited administrative access. Organization Administrator users can assign service roles to any Organization role, but can manage only users, groups, and OAuth apps that have roles with the same or lower administrative permissions.
For example, an Organization Administrator user can grant or manage access for other users and groups who have the Organization Member or Organization Administrator role in the Organization, but cannot manage users, groups, or resources that are assigned the Organization Owner role.
The Organization Member role has read-only access to the Organization resources.
Here’s what you need to know about the permissions of the three Organization roles in Tanzu Platform cloud services. If a user is assigned roles that conflict with one another, they receive the role that has greater permissions.
Permission | Organization Owner | Organization Administrator | Organization Member |
---|---|---|---|
Belong to one or more Organizations | | | |
Access one of your other Organizations | | | |
Specify the Organization that is displayed when you sign in. | | | |
View and modify the Organization settings. | | View only. | View only. |
Add/remove users in your Organization | | Only users who have Organization Member or Organization Administrator role. | |
Manage the service access and roles of users in your Organization. | | | |
Manage and view payment methods and billing. | | When the Billing Read-only check box is selected, this role provides read-only access to billing-related information and the option to generate usage consumption reports. | When the Billing Read-only check box is selected, this role provides read-only access to billing-related information and the option to generate usage consumption reports. |
Query the cloud service APIs for customer usage and data. This permission is available for specific customer profiles only. | | When the Managed Service Provider check box is selected. | When the Managed Service Provider check box is selected. |
Create and manage OAuth apps to authorize third-party apps to access protected resources. | | Only for OAuth apps created by users in the Organization. | When the Developer check box is selected. |
Access all audit data for your Organization in the associated vRealize Log Insight Cloud service instance for your Organization. | | When the Access Log Auditor check box is selected. | When the Access Log Auditor check box is selected. |
Create, modify and manage access to Projects and their resources. | | When the Project Administrator check box is selected. | When the Project Administrator check box is selected. |