You can use container-specific roles to control who can create and configure containers by using options in the vRealize Automation Containers tab and who can add and configure container components in blueprints by using options in the Design tab.

When you enable Containers, two container-specific roles appear in the list of roles that a vRealize Automation tenant administrator can assign to users and groups.

User Role


Container Administrator

Users and groups with this role can see the Containers tab in vRealize Automation. They can use all theContainers options, such as configuring hosts, placements, and registries. They can also create templates and provision containers and applications for configuration and validation purposes.

Container Architect

Users and groups with this role can use containers as components when creating and editing blueprints in vRealize Automation. They have permission to see the Design tab in vRealize Automation and to work with blueprints.

For related information about vRealize Automation administrator and user roles, see Tenant Roles and Responsibilities in vRealize Automation.

Tenant administrators can assign one or both of these roles to users or groups in their tenant at any time by using options on the vRealize Automation Administration tab.

IaaS administrators automatically inherit the container administrator permissions to perform Containers administrative tasks.

Consumers of catalog items that involve containers inherit the necessary privileges to access the resources provided by the Containers. They can open and see the details of their container-related items and perform day-two operations on them.

vRealize Automation users authenticated through VMware Identity Manager have access to Containers.

vRealize Automation multi-tenancy and business group membership is implemented in Containers.