VMware Cloud accounts are based on Organizations, which correspond to a group or line of business subscribed to VMware Cloud Services. VMware Cloud Services use Organizations to provide controlled access to one or more services. For enterprises that use multiple cloud services, Organizations provide an easy way to map business groups and processes to different cloud services. Your VMware Cloud account is contained within an Organization. To access a cloud service, you must belong to an Organization.

VMware Cloud provides several organizational roles and service roles that help you provide or restrict access as needed to the users in your Organization.

Organizational roles determine the access to common operations such as managing billing, user roles and permissions, and support requests for the Organization. VMware Cloud provides the following Organizational roles:

| Organizational Role | Description |
| --- | --- |
| Organization Owner | Full administrative access to all the resources in the Organization. Organization owners can invite users and assign relevant roles depending on the level of access each user needs. |
| Organization Administrator | Limited administrative access. Organization Administrators can assign service roles to any organization role, but can manage only users that have roles with the same or lower administrative permissions. For example, an Organization Administrator user can grant or manage access for other users who have the Organization Member or Organization Administrator role in the Organization but cannot manage users who have the Organization Owner role. |
| Organization Member | Minimum role to access the Organization. |

Service roles determine the level of access a user has to the cloud service, which is vSphere+. If a user has multiple roles, then the highest privilege is honored. VMware Cloud provides the following service roles for vSphere+:

| Service Role | Description |
| --- | --- |
| Cloud Administrator | Users in this role have full administrative access and can perform all the tasks in vSphere+. |
| Subscription Administrator | Users in this role have read-only access to most of the vSphere+ features except subscribing vCenter instances to vSphere+. Users in this role can subscribe vCenter instances to vSphere+. |
| DevOps User | Users in this role have read-only access to most of the vSphere+ features except VM operations. They can perform VM operations such as creating VMs, powering on, and powering off VMs provided they have the necessary permissions on the vCenter. |
| Viewer | Users in this role have read-only access to all the vSphere+ features. |

Important: All the service roles are applicable only to perform vSphere+ operations in the VMware Cloud console. To perform any operations in the on-prem vCenter, users must have the necessary permissions on the vCenter.