You can assign tenant roles to users in any tenant. The roles have responsibilities that are specific to that tenant.

Table 1. Tenant Roles and Responsibilities

Role

Responsibilities

How Assigned

Tenant administrator

  • Manage tenant identity stores.

  • Manage user and group roles.

  • Create custom groups.

  • Customize tenant branding.

  • Manage notification providers.

  • Enable notification scenarios for tenant users.

  • Create and manage approval policies.

  • Manage catalog services.

  • Manage catalog items.

  • Manage actions.

  • Manage entitlements.

  • Monitor tenant machines and send reclamation requests.

  • Configure vRealize Orchestrator servers, plug-ins and workflows for use in the Advanced Services Designer.

  • Create and publish shared machine blueprints from IaaS.

The system administrator designates a tenant administrator when creating a tenant. Tenant administrators can assign the role to other users in the tenant.

Service architect

  • Define custom resource types.

  • Create and publish service blueprints in the Advanced Services Designer.

  • Create and publish custom actions.

The tenant administrator can assign this role to give a user or group the rights to create custom services in the Advanced Service Designer.

Application architect

  • Create, modify, and delete applications in Application Services.

The tenant administrator can assign this role to a user or group.The user or group must be in the tenant registered with Application Services.

Application catalog administrator

  • Define services, templates, operating systems, tasks, and tags in the Application Services library.

The tenant administrator can assign this role to a user or group. The user or group must be in the tenant registered with Application Services.

Application cloud administrator

  • Define resources and deployment environments.

The tenant administrator can assign this role to a user or group. The user or group must be in the tenant registered with Application Services.

Application publisher and developer

  • Deploy applications into the vRealize Automation catalog.

  • Create, update, and publish services, library items, and actions in Application Services.

The tenant administrator can assign this role to a user or group. The user or group must be in the tenant registered with Application Services.

Business group manager

  • Create and publish business group–specific machine blueprints from IaaS.

  • Manage business group–specific catalog items and entitlements.

  • Monitor resource usage in a business group.

The tenant administrator designates the business group manager when creating or editing business groups.

Support user

  • Request and manage items on behalf of other users within their business groups.

The tenant administrator designates the support user when creating or editing business groups.

Business user

  • Request and manage services.

The tenant administrator designates the business users who can consume IT services when creating or editing business groups.

Approval administrator

  • Create and manage approval policies.

The tenant administrator can assign this role to give a user or group rights to manage approval policies.

Approver

  • Approve catalog requests, including provisioning requests or any resource actions.

The tenant administrator or approval administrator creates approval policies and designates the approvers for each policy.