As a Cloud Assembly administrator, you can create custom roles that define what users can see and do in vRealize Automation. You can then assign users to those roles.

Custom User Role Permissions

Using Cloud Assembly, you can define more granular user roles and then assign users to those roles. The custom roles have two categories, view and manage.

  • View. A user assigned to a role with this permission can see all the items for all projects in the selected sections of the user interface. This role is useful for users who need to see accounts, configurations, or assigned values.
  • Manage. A user assigned to a role with this permission can see all the items and has full add, edit, and delete permissions for all projects in the selected sections of the user interface.

These permissions extend the privileges that are granted by the other roles and are not restricted by project membership. For example, you can expand a project administrator's permissions to manage parts of the infrastructure or give a service viewer an ability to review and respond to approvals requests.

To define the user roles and assign users, open Cloud Assembly or Service Broker as a service administrator and select Infrastructure > Administration > Custom Roles. You cannot configure the custom roles in Code Stream, however the roles apply to all the services.

Table 1. Custom Roles
User Interface Permission Description
Infrastructure
View Cloud Accounts. View cloud accounts.
Manage Cloud Accounts Create, update, or delete cloud accounts.
View Image Mappings View image mappings.
Manage Image Mappings Create, update, or delete image mappings.
View Flavor Mappings View flavor mappings.
Manage Flavor Mappings Create, update, or delete flavor mappings.
View Cloud Zones

View cloud zones, Insights, and alerts.

Manage Cloud Zones

Create, update, or delete cloud zones. Manage alerts.

View Requests View activity requests.
Manage Requests Delete requests from the list.
View Integrations View integrations.
Manage Integrations Create, update, or delete integrations.
View Projects View projects.
Manage Projects Create projects. Add users and assign roles in projects. Update, or delete values from project summary, users, provisioning, Kubernetes, integrations, and test project configurations.
View Onboarding Plans View onboarding plans
Manage Onboarding Plans Create, update, run, or delete onboarding plans
Catalog
View Content
Manage Content Add, update, delete content sources.

Customize the content, including the catalog icons and request forms.

Policies
View Policies View policy definitions.
Manage Policies Create, update, or delete policy definitions.
Deployments
View Deployments

View all deployments, including deployment details, deployment history, alerts, and troubleshooting information.

Manage Deployments

View all deployments, respond to alerts, and run all day 2 actions that the day 2 policies allow an administrator to run on deployments and deployment components.

Cloud Templates

View Cloud Templates

View cloud templates.

Manage Cloud Templates

Create, update, test, delete, version, share cloud templates, and release/unrelease a cloud template version.

Edit Cloud Templates

Create, update, test, version, share cloud templates, and release/unrelease a cloud template version. The role does not have permission to delete cloud templates.

Deploy Cloud Templates

Test and deploy any cloud template in any project.

Deploy In-line Cloud Template Content

Deploy any cloud template in the projects that the assignees are associated with. The project roles can be administrator, member, or viewer.

XaaS
View Custom Resources View custom resources.
Manage Custom Resources Create, update or delete custom resources.
View Resource Actions View custom actions.
Manage Resource Actions Create, update, or delete custom actions
Extensibility
View Extensibility Resources View events, subscriptions, event topics, actions, workflows, action runs, and workflow runs.
Manage Extensibility Resources Create, update, delete, and deactivate extensibility subscriptions.

Create, update, or delete extensibility actions. Cancel or delete extensibility action runs.

Pipeline
Manage Pipelines Create, edit, and delete pipeline, endpoint, variable, and trigger configurations.

Restricted models are excluded.

Manage Restricted Pipelines Create, edit, and delete pipeline, endpoint, variable, and trigger configurations.

Restricted models are included.

Manage Custom Integrations Add, edit, and delete custom integrations.
Execute Pipelines Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers.
Execute Restricted Pipelines Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers.

Resolve restricted endpoints and variables.

Manage Executions Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers.

Resolve restricted endpoints and variables.

Delete executions.

Approval
Manage Approvals

View the Approvals tab where you can approve or reject approval requests.

Approver with this role will not receive an email notification about an approval request unless they are an approver in the policy.