To manage access to services provided by vRealize Automation, you assign global organization roles and service roles to Active Directory user groups.

You assign organization and service roles to the following user groups.
Table 1. vRealize Automation User Groups and Roles

Group Name

Description

Organization Role

Service

Service Role

ug-vra-org-owners@rainpole.local

The universal group in a parent domain for vRealize Automation organization owners

Organization Owner

None

None

ug-vra-cloud-assembly-admins@rainpole.local

The universal group in a parent domain for vRealize Automation organization member and Cloud Assembly administrators.

Organization Member

Cloud Assembly

Cloud Assembly Administrator

ug-vra-cloud-assembly-users@rainpole.local

The universal group in a parent domain for vRealize Automation organization member and Cloud Assembly users.

Organization Member

Cloud Assembly

Cloud Assembly User

ug-vra-service-broker-admins@rainpole.local

The universal group in a parent domain for vRealize Automation organization member and Service Broker administrators.

Organization Member

Service Broker

Service Broker Administrator

ug-vra-service-broker-users@rainpole.local

The universal group in a parent domain for vRealize Automation organization member and Service Broker users.

Organization Member

Service Broker

Service Broker User

ug-vra-orchestrator-admins@rainpole.local

The universal group in a parent domain for vRealize Automation organization member and Orchestrator administrators.

Organization Member

Orchestrator

Orchestrator Administrator

ug-vra-orchestrator-designers@rainpole.local

The universal group in a parent domain for vRealize Automation organization member and Orchestrator workflow designers.

Organization Member

Orchestrator

Orchestrator Workflow Designer

Procedure

  1. In a Web browser, log in to vRealize Automation by using the cloud services console.
    Setting Value
    URL https://vra01svr01.rainpole.local/csp/gateway/portal
    User name configadmin
    Password wsa01svr01_configadmin_password
    Domain System Domain
  2. On the main navigation bar, click Identity and access management.
  3. Click the Enterprise groups tab and click Assign roles.
  4. For each enterprise group, assign an organization role and add a service access by assigning a service with a service role.