You can assign tenant roles to users in any tenant. The roles have responsibilities that are specific to that tenant.

Table 1. Tenant Roles and Responsibilities

Role

Responsibilities

How Assigned

Tenant administrator

  • Customize tenant branding.

  • Manage tenant identity stores.

  • Manage user and group roles.

  • Create custom groups.

  • Manage notification providers.

  • Enable notification scenarios for tenant users.

  • Configure vRealize Orchestrator servers, plug-ins and workflows for XaaS.

  • Create and manage catalog services.

  • Manage catalog items.

  • Manage actions.

  • Create and manage entitlements.

  • Create and manage approval policies.

  • Monitor tenant machines and send reclamation requests.

The system administrator designates a tenant administrator when creating a tenant. Tenant administrators can assign the role to other users in their tenant at any time from the Administration tab.

Fabric administrator

  • Manage property groups.

  • Manage compute resources.

  • Manage network profiles.

  • Manage Amazon EBS volumes and key pairs.

  • Manage machine prefixes.

  • Manage property dictionary.

  • Create and manage reservations and reservation policies in their own tenant.

  • If this role is added to a user with IaaS administrator or system administrator privileges, the user can create and manage reservations and reservation policies in any tenant.

The IaaS administrator designates the fabric administrator when creating or editing fabric groups.

Application architect

To successfully add software components to the design canvas, you must also have business group member, business group administrator, or tenant administrator role access to the target catalog.

  • Assemble and manage composite blueprints.

Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.

Infrastructure architect

To successfully add software components to the design canvas, you must also have business group member, business group administrator, or tenant administrator role access to the target catalog.

  • Create and manage infrastructure blueprint components.

  • Assemble and manage composite blueprints.

Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.

XaaS architect

  • Define custom resource types.

  • Create and publish XaaS blueprints.

  • Create and manage resource mappings.

  • Create and publish resource actions.

Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.

Software architect

To successfully add software components to the design canvas, you must also have business group member, business group administrator, or tenant administrator role access to the target catalog.

  • Create and manage software blueprint components.

  • Assemble and manage composite blueprints.

Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.

Container architect

  • Add, edit, and remove container components in a blueprint by using options on the Design tab.

  • Add, edit, and remove container network components in a blueprint by using options on the Design tab.

Tenant administrators can assign this role to users and groups in their tenant at any time from the Administration tab.

Container administrator

Use all available options in the Containers tab, including the following tasks:

  • Configure container hosts, placements, and registries

  • Configure container network settings

  • Create container templates

Tenant administrators can assign this role to users and groups in their tenant at any time from the Administration tab.

Catalog administrator

  • Create and manage catalog services.

  • Manage catalog items.

  • Assign icons to actions.

Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.

Business group manager

  • Add and delete users within the business group.

  • Assign support user roles to users in the business group.

  • Create and manage entitlements for the business group.

  • Request and manage items on behalf of a user in the business group.

  • Assign approval policies for the business group.

  • Monitor resource usage in a business group.

  • Change machine owner.

The tenant administrator designates the business group manager when creating or editing business groups.

Shared access user

  • Use and run actions on the resources that other business group members deploy.

  • Can request a deployment for themself but cannot request a deployment on behalf of another user.

The tenant administrator designates the shared access users when creating or editing business groups.

Approval administrator

  • Create and manage approval policies.

Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.

Approver

  • Approve service catalog requests, including provisioning requests or any resource actions.

The tenant administrator or approval administrator creates approval policies and designates the approvers for each policy.

Support user

  • Request and manage service catalog items on behalf of the other members of the business group

  • Change machine owner.

The tenant administrator designates the support user when creating or editing business groups.

Business user

  • Request service catalog items to which they are entitled.

  • Manage their provisioned resources.

The tenant administrator designates the business users who can consume IT services when creating or editing business groups.

Health Consumer

  • Can view test results.

  • Cannot configure, edit, or delete a test.

The IaaS administrator designates privilege to any role..

Security administrator

  • Create a message board whitelist.

Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.