Privileges and Roles

To perform specific operations, you require privileges associated with the specific role. VMware Telco Cloud Automation includes a set of system-defined roles and associated privileges. You cannot edit or delete them.

System-defined Privileges

The following tables list the system-defined privileges:

Table 1. System Wide Privileges
Privilege	Included Privilege(s)	Accessible Objects
System Admin - Administration privileges for all operations.	Role Admin Role Audit System Audit Virtual Infrastructure Audit Partner System Read Network Service Instance Read Network Service Catalog Read Network Function Catalog Read Network Function Instance Read Virtual Infrastructure Admin Virtual Infrastructure Consume Network Function Catalog Design Network Function Catalog Instantiate Network Function Instance Lifecycle Management Network Service Catalog Design Network Service Catalog Instantiate Network Service Instance Lifecycle Management Partner System Admin Infrastructure Lifecycle Management Infrastructure Design Tag Admin	All
System Audit - Read privileges for all operations.	Virtual Infrastructure Audit Partner System Read Network Service Instance Read Network Service Catalog Read Network Function Catalog Read Network Function Instance Read Role Audit	All
Role Admin - Administration privileges for all Roles operations.	Role Audit	Roles and Permissions
Role Audit - Read privileges for all Roles operations.		Roles and Permissions
Tag Admin - Administration privileges for tag operations.		Tags

Table 2. Virtual Infrastructure Privileges
Privilege	Included Privileges	Accessible Objects
Virtual Infrastructure Admin - Administration privileges for Infrastructure.	Virtual Infrastructure Audit	Virtual Infrastructure
Virtual Infrastrucuture Audit - Read privileges for Infrastructure.		Virtual Infrastructure Kubernetes Cluster Instance Kubernetes Cluster Template
Virtual Infrastructure Consume - Deploy privileges for VIM.		Virtual Infrastructure
Infrastructure Design - Design privileges for CaaS cluster templates.		Kubernetes Cluster Template
Infrastructure Lifecycle Management - Lifecycle management privileges for CaaS cluster instances.	Virtual Infrastructure Consume Virtual Infrastructure Audit Infrastructure Design	Kubernetes Cluster Instance

Table 3. Partner System Privileges
Privilege	Included Privileges	Accessible Objects
Partner System Read - Read privileges for Partner Systems.		Virtual Infrastructure
Partner System Admin - Administration privileges for Partner Systems.	Partner System Read Network Function Catalog Read Virtual Infrastructure Audit	Virtual Infrastructure

Table 4. Network Function Catalog Privileges
Privilege	Included Privileges	Accessible Objects
Network Function Catalog Design - Design privileges for Network Function Catalog.	Network Function Catalog Read	Network Function Catalog
Network Function Catalog Read - Read privileges for Network Function Catalog.		Network Function Catalog
Network Function Catalog Instantiate - Instantiation privileges for Network Function Catalog.	Network Function Catalog Read Virtual Infrastructure Consume Virtual Infrastructure Audit Network Function Instance Read	Network Function Catalog

Table 5. Network Function Instance Privileges
Privilege	Included Privileges	Accessible Objects
Network Function Instance Read - Read privileges for Network Function Instance.		Network Function Instance Network Function Catalog
Network Function Instance Lifecycle Management - Lifecycle management privileges for Network Function Instance.	Network Function Instance Read Network Function Catalog Instantiate Network Function Catalog Read Virtual Infrastructure Consume Virtual Infrastructure Audit	Network Function Instance

Table 6. Network Service Catalog Privileges
Privilege	Included Privileges	Accessible Objects
Network Service Catalog Design - Design privileges for Network Service Catalog.	Network Service Catalog Read Network Function Catalog Read	Network Service Catalog
Network Service Catalog Read - Read privileges for Network Service Catalog.	Network Function Catalog Read	Network Service Catalog
Network Service Catalog Instantiate - Instantiation privileges for Network Service Catalog.	Network Service Catalog Read Network Function Catalog Read Virtual Infrastructure Consume Virtual Infrastructure Audit Network Function Instance Read Network Service Instance Read	Network Service Catalog

Table 7. Network Service Instance Privileges
Privilege	Included Privileges	Accessible Objects
Network Service Instance Lifecycle Management - Lifecycle Management privileges for Network Service Instance.	Network Service Catalog Instantiate Network Service Catalog Read Network Function Catalog Read Virtual Infrastructure Consume Virtual Infrastructure Audit Network Function Instance Read Network Function Catalog Instantiate	Network Service Instance
Network Service Instance Read - Read privileges for Network Service Instance.		Network Service Instance Network Service Catalog

System-defined Roles

The following table lists the system-defined roles.


Role	Privileges
System Administrator The users assigned to this role can perform all the available actions in VMware Telco Cloud Automation.	Role Admin System Audit Virtual Infrastructure Audit Virtual Infrastructure Admin Virtual Infrastructure Consume Infrastructure Design Infrastructure Lifecycle Management Network Function Catalog Design Network Function Catalog Read Network Function Catalog Instantiate Network Function Instance Read Network Function Instance Lifecycle Management Network Service Catalog Design Network Service Catalog Read Network Service Catalog Instantiate Network Service Instance Read Network Service Instance Lifecycle Management Partner System Read Partner System Admin Role Audit
Network Function Designer The users assigned to this role can perform all the network function actions such as designing, uploading, and managing the Network Function Catalogs.	Network Function Catalog Read Network Function Instance Read
Network Function Deployer The users assigned to this role can perform all the network function actions related to the life-cycle management operations such as Instantiate, Scale, Heal, and other actions available on a Network Function instance.	Network Function Instance Read Network Function Catalog Instantiate Network Function Catalog Read Virtual Infrastructure Consume Virtual Infrastructure Audit Network Function Instance Lifecycle Management
Virtual Infrastructure Administrator The users assigned to this role can perform all the virtual infrastructure-related actions in VMware Telco Cloud Automation.	Virtual Infrastructure Audit Virtual Infrastructure Admin Virtual Infrastructure Consume Infrastructure Design Infrastructure Lifecycle Management
Virtual Infrastructure Auditor The users assigned to this role can view all the virtual infrastructure entities in VMware Telco Cloud Automation.	Virtual Infrastructure Audit
Network Service Designer The users assigned to this role can perform all the network service actions such as designing, uploading, and managing the Network Service Catalogs.	Network Service Catalog Design Network Service Catalog Read Network Function Catalog Read
Network Service Deployer The users assigned to this role can perform all the network service actions related to the life-cycle management operations such as Instantiate, Scale, Heal, and other actions available on a Network Service instance.	Network Service Instance Read Network Service Catalog Instantiate Network Service Catalog Read Network Function Instance Read Virtual Infrastructure Consume Network Function Catalog Read Network Function Catalog Instantiate Virtual Infrastructure Audit Network Service Instance Lifecycle Management Network Function Instance Lifecycle Management
System Auditor The users assigned to this role can view all the entities in VMware Telco Cloud Automation.	System Audit Virtual Infrastructure Audit Network Service Instance Read Network Service Catalog Read Network Function Catalog Read Network Function Instance Read Partner System Read Role Audit
Role Administrator The users assigned to this role can perform all the object access control related actions in VMware Telco Cloud Automation.	Role Admin Role Audit
Partner System Administrator The users assigned to this role can perform all the partner system-related actions in VMware Telco Cloud Automation.	Partner System Read Partner System Admin Network Function Catalog Read Virtual Infrastructure Audit
Partner System Read Only The users assigned to this role can view all the partner system entities in VMware Telco Cloud Automation.	Partner System Read
Role Auditor The users assigned to this role can view all the object access control related roles and permissions in VMware Telco Cloud Automation.	Role Audit