vRealize Automation has several levels of user roles. These different level control access to the organization, the services, the projects that produce or consume the cloud templates, catalog items, and pipelines, and the ability for uses to use or see individual parts of the user interface. These different levels give cloud administrators different tools to apply any level of granularity that is required by their operational needs.
General role descriptions
The user roles are defined at different levels. The service level roles are defined for each service.
More details for the service roles is provided below this table.
Role | General permissions | Where the role is defined |
---|---|---|
Organization Owner | Can access the console and add users to organization. The organization owner cannot access a service unless they have a service role. More about the Organization User Roles |
Organization console |
Organization Member | Can access the console. The organization member cannot access a service unless they have a service role. More about the Organization User Roles |
Organization console |
Service Administrator | Can access the console and has full view, update, and delete privileges in the service. | Organization console |
Service User | Can access the console and the service with limited permissions. The service member has limited user interface. What they can see or do depends on their project membership. |
Organization console |
Service Viewer | Can access the console and the service in a view-only mode. | Organization console |
Executor ( Code Stream only) | Can access the console and manage pipeline executions. | Organization console |
Orchestrator Workflow Designer (Orchestrator only) | Can create, run, edit, and delete their own vRealize Orchestrator Client content. Can add their own content to their assigned group. Does not have access to the administration and troubleshooting features of the vRealize Orchestrator Client. | Organization console |
Project roles | Can view and manage project resources depending on project role. Project roles include administrator, member, and viewer. |
Cloud Assembly, Service Broker, and Code Stream |
Custom roles | The permissions are defined by the Cloud Assembly Administrator for all the services. The user must have at least a service viewer role in the relevant services so that they can access the service. The custom roles take precedence over the service roles. |
Cloud Assembly and Service Broker |
Infrastructure administrator built-in role | Gives predefined permissions for tasks in vRealize Automation . | Using the API |