Tenant administrators can create custom groups by combining other custom groups, identity store groups, and individual identity store users. Custom groups provide more granular control over access within vRealize Automation than business groups which correspond to a line of business, department, or other organizational unit.

Custom groups enable you to grant access rights for tasks on a finer basis than the standard vRealize Automation group assignments. For instance, you may want to create a custom group to allow tenant administrators to control who has specific permissions within the tenant.

You can assign roles to your custom group, but it is not necessary in all cases. For example, you can create a custom group called Machine Specification Approvers, to use for all machine pre-approvals. You can also create custom groups to map to your business groups so that you can manage all groups in one place. In those cases, you do not need to assign roles.


Log in to vRealize Automation as a tenant administrator.


  1. Select Administration > Users & Groups > Custom Groups.
  2. Click New.
  3. Enter a group name in the Name text box.
    Custom group names cannot contain the combination of a semicolon (;) followed by an equal sign (=).
  4. (Optional) Enter a description in the Description text box.
  5. Select one or more roles from the Add Roles to this Group list.
    The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
  6. Click Next.
  7. Add users and groups to create your custom group.
    1. Enter a user or group name in the Search box and press Enter.
      Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
    2. Select the user or group to add to your custom group.
  8. Click Finish.


Users who are currently logged in to the vRealize Automation must log out and log back in to the vRealize Automation before they can navigate to the pages to which they have been granted access.