Privileges and Roles

To perform specific operations, you require privileges associated with the specific role. VMware Telco Cloud Automation includes a set of system-defined roles and associated privileges. You cannot edit or delete them.

System-defined Privileges

The following tables list the system-defined privileges:

Table 1. System Wide Privileges
Privilege	Included Privilege(s)	Accessible Objects
System Admin - Administration privileges for all operations.	Role Admin Role Audit System Audit Virtual Infrastructure Audit Partner System Read Network Service Instance Read Network Service Catalog Read Network Function Catalog Read Network Function Instance Read Virtual Infrastructure Admin Virtual Infrastructure Consume Network Function Catalog Design Network Function Catalog Instantiate Network Function Instance Lifecycle Management Network Service Catalog Design Network Service Catalog Instantiate Network Service Instance Lifecycle Management Partner System Admin Infrastructure Lifecycle Management Infrastructure Design Tag Admin Workflow Read Workflow Design Workflow Execute System Admin	All
System Audit - Read privileges for all operations.	Virtual Infrastructure Audit Partner System Read Network Service Instance Read Network Service Catalog Read Network Function Catalog Read Network Function Instance Read Role Audit Workflow Read System Audit	All
Role Admin - Administration privileges for all Roles operations.	Role Audit Role Admin	Roles and Permissions
Role Audit - Read privileges for all Roles operations.	Role Audit	Roles and Permissions
Tag Admin - Administration privileges for tag operations.	Tag Admin	Tags

Table 2. Virtual Infrastructure Privileges
Privilege	Included Privileges	Accessible Objects
Virtual Infrastructure Admin - Administration privileges for Infrastructure.	Virtual Infrastructure Audit Virtual Infrastructure Admin	Virtual Infrastructure
Virtual Infrastructure Audit - Read privileges for Infrastructure.	Virtual Infrastructure Audit	Virtual Infrastructure Kubernetes Cluster Instance Kubernetes Cluster Template
Virtual Infrastructure Consume - Deploy privileges for VIM.	Virtual Infrastructure Consume	Virtual Infrastructure
Infrastructure Design - Design privileges for CaaS cluster templates.	Workflow Read Workflow Design Infrastructure Design	Kubernetes Cluster Template Workflow Catalogs
Infrastructure Lifecycle Management - Lifecycle management privileges for CaaS cluster instances.	Virtual Infrastructure Consume Infrastructure Design Workflow Read Workflow Design Workflow Execute Infrastructure Lifecycle Management	Kubernetes Cluster Instance Workflow Catalog Workflow Instances

Table 3. Partner System Privileges
Privilege	Included Privileges	Accessible Objects
Partner System Read - Read privileges for Partner Systems.	Partner System Read	Virtual Infrastructure
Partner System Admin - Administration privileges for Partner Systems.	Partner System Read Network Function Catalog Read Virtual Infrastructure Consume Workflow Read Partner System Admin	Virtual Infrastructure Workflow Catalog

Table 4. Network Function Catalog Privileges
Privilege	Included Privileges	Accessible Objects
Network Function Catalog Design - Design privileges for Network Function Catalog.	Network Function Catalog Read Workflow Read Workflow Design Network Function Catalog Design	Network Function Catalog Workflow Catalog
Network Function Catalog Read - Read privileges for Network Function Catalog.	Workflow Read Network Function Catalog Read	Network Function Catalog Workflow Catalog
Network Function Catalog Instantiate - Instantiation privileges for Network Function Catalog.	Network Function Catalog Read Virtual Infrastructure Consume Network Function Instance Read Workflow Read Network Function Catalog Instantiate	Network Function Catalog Workflow Catalog

Table 5. Network Function Instance Privileges
Privilege	Included Privileges	Accessible Objects
Network Function Instance Read - Read privileges for Network Function Instance.	Network Function Instance Read	Network Function Instance Network Function Catalog
Network Function Instance Lifecycle Management - Lifecycle management privileges for Network Function Instance.	Network Function Instance Read Network Function Catalog Instantiate Network Function Catalog Read Virtual Infrastructure Consume Workflow Read Workflow Execute Network Function Instance Lifecycle Management	Network Function Instance Workflow Catalog Workflow Instance

Table 6. Network Service Catalog Privileges
Privilege	Included Privileges	Accessible Objects
Network Service Catalog Design - Design privileges for Network Service Catalog.	Network Service Catalog Read Network Function Catalog Read Workflow Read Workflow Design Network Service Catalog Design	Network Service Catalog Workflow Catalog
Network Service Catalog Read - Read privileges for Network Service Catalog.	Network Function Catalog Read Workflow Read Network Service Catalog Read	Network Service Catalog Workflow Catalog
Network Service Catalog Instantiate - Instantiation privileges for Network Service Catalog.	Network Service Catalog Read Network Function Catalog Read Virtual Infrastructure Consume Network Function Instance Read Network Service Instance Read Workflow Read Network Service Catalog Instantiate	Network Service Catalog Workflow Catalog

Table 7. Network Service Instance Privileges
Privilege	Included Privileges	Accessible Objects
Network Service Instance Lifecycle Management - Lifecycle Management privileges for Network Service Instance.	Network Service Catalog Instantiate Network Service Catalog Read Network Function Catalog Read Virtual Infrastructure Consume Network Function Instance Read Network Function Catalog Instantiate Workflow Read Workflow Execute Network Service Instance Lifecycle Management	Network Service Instance Workflow Catalog Workflow Instance
Network Service Instance Read - Read privileges for Network Service Instance.	Network Service Instance Read	Network Service Instance Network Service Catalog

Table 8. Workflow Privileges
Privilege	Included Privileges	Accessible Objects
Workflow Read	Workflow Read	Workflow Catalog
Workflow Design	Workflow Read Workflow Design	Workflow Catalog
Workflow Execute	Workflow Execute Workflow Read	Workflow Catalog Workflow Instance

System-defined Roles

The following table lists the system-defined roles.


Role	Privileges
System Administrator The users assigned to this role can perform all the available actions in VMware Telco Cloud Automation.	Role Admin System Audit Virtual Infrastructure Audit Virtual Infrastructure Admin Virtual Infrastructure Consume Infrastructure Design Infrastructure Lifecycle Management Network Function Catalog Design Network Function Catalog Read Network Function Catalog Instantiate Network Function Instance Read Network Function Instance Lifecycle Management Network Service Catalog Design Network Service Catalog Read Network Service Catalog Instantiate Network Service Instance Read Network Service Instance Lifecycle Management Partner System Read Partner System Admin Role Audit System Admin Tag Admin Workflow Read Workflow Design Workflow Execute
Network Function Designer The users assigned to this role can perform all the network function actions such as designing, uploading, and managing the Network Function Catalogs.	Network Function Catalog Read Network Function Catalog Design Workflow Read Workflow Design
Network Function Deployer The users assigned to this role can perform all the network function actions related to the life-cycle management operations such as Instantiate, Scale, Heal, and other actions available on a Network Function instance.	Network Function Instance Read Network Function Catalog Instantiate Network Function Catalog Read Virtual Infrastructure Consume Network Function Instance Lifecycle Management Workflow Read Workflow Execute
Virtual Infrastructure Administrator The users assigned to this role can perform all the virtual infrastructure-related actions in VMware Telco Cloud Automation.	Virtual Infrastructure Audit Virtual Infrastructure Admin Virtual Infrastructure Consume Infrastructure Design Infrastructure Lifecycle Management
Virtual Infrastructure Auditor The users assigned to this role can view all the virtual infrastructure entities in VMware Telco Cloud Automation.	Virtual Infrastructure Audit
Network Service Designer The users assigned to this role can perform all the network service actions such as designing, uploading, and managing the Network Service Catalogs.	Network Service Catalog Design Network Service Catalog Read Network Function Catalog Read Workflow Read Workflow Design
Network Service Deployer The users assigned to this role can perform all the network service actions related to the life-cycle management operations such as Instantiate, Scale, Heal, and other actions available on a Network Service instance.	Network Service Instance Read Network Service Catalog Instantiate Network Service Catalog Read Network Function Instance Read Virtual Infrastructure Consume Network Function Catalog Read Network Function Catalog Instantiate Network Service Instance Lifecycle Management Network Function Instance Lifecycle Management Workflow Read Workflow Execute
System Auditor The users assigned to this role can view all the entities in VMware Telco Cloud Automation.	System Audit Virtual Infrastructure Audit Network Service Instance Read Network Service Catalog Read Network Function Catalog Read Network Function Instance Read Partner System Read Role Audit Workflow Read
Role Administrator The users assigned to this role can perform all the object access control related actions in VMware Telco Cloud Automation.	Role Admin Role Audit Tag Admin
Partner System Administrator The users assigned to this role can perform all the partner system-related actions in VMware Telco Cloud Automation.	Partner System Read Partner System Admin Network Function Catalog Read Virtual Infrastructure Consume
Partner System Read Only The users assigned to this role can view all the partner system entities in VMware Telco Cloud Automation.	Partner System Read
Role Auditor The users assigned to this role can view all the object access control related roles and permissions in VMware Telco Cloud Automation.	Role Audit
Vendor Admin	Virtual Infrastructure Consume Partner System Read Network Function Catalog Design Network Function Catalog Read Network Function Catalog Instantiate Network Function Instance Read Network Function Instance Lifecycle Management Network Service Catalog Design Network Service Catalog Read Network Service Catalog Instantiate Network Service Instance Read Network Service Instance Lifecycle Management Workflow Read Workflow Design Workflow Execute
Workflow Designer	Workflow Read Workflow Design
Workflow Executor	Workflow Read Workflow Execute