Users with system-wide roles manage configuration that can apply to multiple tenants. The system administrator is only present in the default tenant, but IaaS administrators and fabric administrators can be in any tenant.

Table 1. System-Wide Roles and Responsibilities



How Assigned

System Administrator

  • Create tenants

  • Configure tenant identity stores

  • Assign IaaS administrator role

  • Assign tenant administrator role

  • Configure system default branding

  • Configure system default notification providers

  • Monitor system event logs, not including IaaS logs

  • Configure the vRealize Orchestrator server for use in the Advanced Services Designer

Built-in administrator credentials are specified when configuring single sign-on.

IaaS Administrator

  • Configure IaaS features, global properties

  • Manage IaaS licenses

  • Create and manage fabric groups

  • Create and manage endpoints

  • Manage endpoint credentials

  • Configure proxy agents

  • Manage Amazon AWS instance types

  • Monitor IaaS-specific logs

The system administrator designates the IaaS administrator when configuring a tenant.

Fabric Administrator

  • Manage build profiles

  • Manage compute resources

  • Manage cost profiles

  • Manage network profiles

  • Manage Amazon EBS volumes and key pairs

  • Manage machine prefixes

  • Manage property dictionary

  • Manage reservations and reservation policies

The IaaS administrator designates the fabric administrator when creating or editing fabric groups.