To perform specific operations, you require privileges associated with the specific role. VMware Telco Cloud Automation includes a set of system-defined roles and associated privileges. You cannot edit or delete them.
Note: The roles and permissions are migrated automatically to TCA 3.0 with the enhanced permission model applied to the existing roles. Also, the attribute filters are retained during migration. Due to the enhanced permission model in TCA 3.0, which includes resource ownership and parent-child relations, a few additional objects are available as read-only.
System-defined Privileges
The following tables list the system-defined privileges:
| Privilege |
Included Privilege(s) |
Accessible Objects |
|---|---|---|
| Cluster Create - Create privileges for Cluster |
|
|
| Cluster Modify - Modify privileges for Cluster | Cluster Read | K8s Cluster Instance |
| Cluster Read - Read privileges for Cluster | K8s Cluster Instance | |
| Cluster Template Create - Create privileges for Cluster Template | K8s Cluster Template | |
| Cluster Template Modify - Modify privileges for Cluster Template | Cluster Template Read | K8s Cluster Template |
| Cluster Template Read - Read privileges for Cluster Template | K8s Cluster Template | |
| Cluster Template Use - Use privileges for Cluster Template | Cluster Template Read | K8s Cluster Template |
| Cluster Use - Use privileges for Cluster | Cluster Read | K8s Cluster Instance |
| Infrastructure Design - Design privileges for caas cluster templates | K8s Cluster Template | |
| Infrastructure Lifecycle Management - Lifecycle management privileges for caas cluster instance | Infrastructure Design |
|
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Namespace Modify - Modify Kubernetes namespace | K8s Cluster Namespace | |
| Virtual Infrastructure Admin - Administration privileges for infrastructures |
|
|
| Virtual Infrastructure Audit - Audit privileges for infrastructures | Virtual Infrastructure Read | Virtual Infrastructure |
| Virtual Infrastructure Consume - Deploy privileges for Vim | Virtual Infrastructure Read |
|
| Virtual Infrastructure Create - Create privileges for infrastructures | Virtual Infrastructure | |
| Virtual Infrastructure Read - Read privileges for infrastructures | Virtual Infrastructure |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Network Function Draft Create - Network Function Draft Create privilege. |
Network Function Draft | |
| Network Function Draft Modify - Design privileges for Network Function Draft | Network Function Draft Read | Network Function Draft |
| Network Function Draft Read - Network Function Draft Read privilege | Network Function Draft | |
| Network Function Catalog Instantiate - Instantiation privileges for Network Function Catalog |
|
|
| Network Function Package Modify - Network Function Package Modify privilege | Network Function Package Read | Network Function Catalog |
| Network Function Package Onboard - Network Function Package Onboard privilege |
|
|
| Network Function Package Read - Network Function Package Read privilege | Network Function Catalog | |
| Network Function Package Use - Network Function Package Use privilege | Network Function Package Read | Network Function Catalog |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Network Function Instance Lifecycle Management - Lifecycle management privileges for Network Function Instance |
Network Function Instance Read |
|
| Network Function Instance Lifecycle Management - Lifecycle management privileges for Network Function Instance. |
Network Function Instance | |
| Network Function Instance Use - Use privileges for Network Function Instance | Network Function Instance Read | Network Function Instance |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Network Service Catalog Design - Design privileges for Network Service Catalog |
Network Service Draft | |
| Network Service Draft Modify - Network Service Draft Modify Privilege |
Network Service Draft Read | Network Service Draft |
| Network Service Draft Read - Network Service Draft Read privilege |
Network Service Draft | |
| Network Service Catalog Instantiate - Instantiation privileges for Network Service Catalog |
|
|
| Network Service Package Modify - Network Service Package Modify privilege | Network Service Package Read | Network Service Catalog |
| Network Service Package Onboard - Network Service Package Onboarding privilege |
|
|
| Network Service Package Read - Network Service Package Read privilege | Network Service Catalog | |
| Network Service Package Use - Network Service Package Read privilege | Network Service Package Read | Network Service Catalog |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Network Service Instance Lifecycle Management - Lifecycle Management privileges for Network Service Instance | Network Service Instance Read | Network Service Instance |
| Network Service Instance Read - Read privileges for Network Service Instance | Network Service Instance | |
| Network Service Instance Use - Use privileges for Network Service Instance | Network Service Instance Read | Network Service Instance |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Partner System Create - Create privileges for partner systems | Partner System | |
| Partner System Modify - Modify privileges for partner systems | Partner System Read | Partner System |
| Partner System Read - Read privileges for partner systems | Partner System |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Subscription Create - Create privileges for Subscription | Subscription | |
| Subscription Delete - Delete privileges for Subscription | Subscription | |
| Subscription Read - Read privileges for Subscription | Subscription |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Workflow Design - Design privileges for Workflow | Workflow | |
| Workflow Execute - Execute privileges for Workflow | Workflow | |
| Workflow Execution Modify - Modify privileges for Workflow Executio | Workflow Execution Read | Workflow Execution |
| Workflow Modify - Modify privileges for Workflow | Workflow Read | Workflow |
| Workflow Read - Read privileges for Workflow | Workflow |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Workflow Hub Certificate Authority Read - Read privileges for CA certificates | Workflow Hub Certificate Authority | |
| Workflow Hub Certificate Authority Write - Add/Delete privileges for CA certificates | Workflow Hub Certificate Authority Read | Workflow Hub Certificate Authority |
| Workflow Hub Configuration Read - Read privileges for Workflow Hub configuration | Workflow Hub Configuration | |
| Workflow Hub Configuration Write - Modify privileges for Workflow Hub configuration | Workflow Hub Configuration Read | Workflow Hub Configuration |
| Workflow Hub Openapi Schema Read - Read privileges for openapi schemas | Workflow Hub Openapi Schema | |
| Workflow Hub Openapi Schema Write - Create/Modify/Delete privileges for openapi schemas | Workflow Hub Openapi Schema Read | Workflow Hub Openapi Schema |
| Workflow Hub Schedule Read - Read privileges for schedules | Workflow Hub Schedule | |
| Workflow Hub Schedule Write - Create/Modify/Delete privileges for schedules |
|
|
| Workflow Hub Secret Manager Read - Read privileges for secret manager | Workflow Hub Secret Manager | |
| Workflow Hub Secret Manager Write - Create/Modify/Delete privileges for secret manager | Workflow Hub Secret Manager Read | Workflow Hub Secret Manager |
| Workflow Hub Workflow Read - Read privileges for workflows | Workflow Hub Workflow | |
| Workflow Hub Workflow Run Read - Read privileges for workflow runs | Workflow Hub Workflow Run | |
| Workflow Hub Workflow Run Statistics Read - Read privileges for workflow run statistics | Workflow Hub Workflow Run Statistics |
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| Alarm Read - Alarm read | Alarm | |
| Audit Log Read - Read privileges for tenant audit logs | ||
| Role Admin - Administration privileges for all roles operations | Role Audit | |
| Role Audit - Read privileges for all roles operations | ||
| Tag Admin - Admin privileges for tag management | ||
| Tenant Audit - Tenant audit privilege |
|
|
System-wide Privileges
The following table lists the system-defined roles.
| Privilege |
Included Privileges |
Accessible Objects |
|---|---|---|
| System Admin - Administration privileges for all operations |
|
|
| System Audit - Read privileges for all operations |
|
|
| Tcf Admin - Administration privileges for Infrastructure Administrator |
|
|
| Role | Description | Privilege |
|---|---|---|
| Network Function Deployer | The users assigned to this role can perform all network function actions related to LCM operations such as Instantiate, Scale, Heal, and other actions available for a network function instance. |
|
| Network Function Designer | The users assigned to this role can perform all network function actions such as designing, uploading, and managing the network function catalogs. |
|
| Network Service Deployer | The users assigned to this role can perform all network service actions related to LCM operations such as Instantiate, Scale, Heal, and other actions available on a network service instance. |
|
| Network Service Designer | The users assigned to this role can perform all network service actions like designing, uploading, and managing network service catalogs. |
|
| Partner System Administrator | The users assigned to this role can perform all partner-systems-related actions for VMware Telco Cloud Platform. |
|
| Partner System Read Only | The users assigned to this role can view all partner system entities for VMware Telco Cloud Platform. | Partner System Read |
| Role Administrator | The users assigned to this role can perform all object-access-control-related actions for the Telco Cloud Platform. |
|
| Role Auditor | The users assigned to this role can view all object access control related roles and permissions for VMware Telco Cloud Platform. | Role Audit |
| System Administrator | The users assigned to this role can perform all available actions for the VMware Telco Cloud Platform. |
|
| System Auditor | The users assigned to this role can view all entities in the VMware Telco Cloud Platform. |
|
| Tcf Administrator | The users assigned to this role can perform all the available actions in the VMware Telco Cloud Platform. |
|
| Tenant Administrator | The users assigned to this role can perform all available actions for the tenant. |
|
| Tenant Auditor | The users assigned to this role can view all entities in the Tenant. |
|
| Virtual Infrastructure Administrator | The users assigned to this role can perform all infrastructure-related actions for the Telco Cloud Platform |
|
| Virtual Infrastructure Auditor | The users assigned to this role can view all infrastructure entities for the VMware Telco Cloud Platform. |
|
| Workflow Designer | The users assigned to this role can perform all actions like designing, uploading, and managing the workflows. |
|
| Workflow Executor | The users assigned to this role can execute workflows. |
|
| Workflow Hub Workflow Designer | The users assigned to this role can view, create, and modify workflows and openapi schemas on Workflow Hub. They can also execute workflows. |
|
| Workflow Hub Workflow Executor | The users assigned to this role can view and execute workflows and schedules. They can also view workflow run statistics. |
|
