Users with system-wide roles manage configurations that can apply to multiple tenants. The system administrator is only present in the default tenant, but you can assign IaaS administrators to any tenant.

Table 1. System-Wide Roles and Responsibilities

Role

Responsibilities

How Assigned

System Administrator

  • Create tenants.

  • Configure tenant identity stores.

  • Assign IaaS administrator role.

  • Assign tenant administrator role.

  • Configure system default branding.

  • Configure system default notification providers.

  • Monitor system event logs, not including IaaS logs.

  • Configure the vRealize Orchestrator server for use with XaaS.

  • Create and manage (view, edit, and delete) reservations across tenants if also a fabric administrator.

Built-in administrator credentials are specified when configuring single sign-on.

IaaS Administrator

  • Configure IaaS features, global properties.

  • Create and manage fabric groups.

  • Create and manage endpoints.

  • Manage endpoint credentials.

  • Configure proxy agents.

  • Manage Amazon AWS instance types.

  • Monitor IaaS-specific logs.

  • Create and manage (view, edit, and delete) reservations across tenants if also a fabric administrator.

The system administrator designates the IaaS administrator when configuring a tenant.