As a Cloud Assembly administrator, you can create custom roles that define what users can see and do in vRealize Automation. You can then assign users to those roles.
Custom User Role Permissions
Using Cloud Assembly, you can define more granular user roles and then assign users to those roles. The custom roles have two categories, view and manage.
- View. A user assigned to a role with this permission can see all the items for all projects in the selected sections of the user interface. This role is useful for users who need to see accounts, configurations, or assigned values.
- Manage. A user assigned to a role with this permission can see all the items and has full add, edit, and delete permissions for all projects in the selected sections of the user interface.
These permissions extend the privileges that are granted by the other roles and are not restricted by project membership. For example, you can expand a project administrator's permissions to manage parts of the infrastructure or give a service viewer an ability to review and respond to approvals requests.
To define the user roles and assign users, open Cloud Assembly or Service Broker as a service administrator and select . You cannot configure the custom roles in Code Stream, however the roles apply to all the services.
| User Interface | Permission | Description |
|---|---|---|
| Infrastructure | ||
| View Cloud Accounts. | View cloud accounts. | |
| Manage Cloud Accounts | Create, update, or delete cloud accounts. | |
| View Image Mappings | View image mappings. | |
| Manage Image Mappings | Create, update, or delete image mappings. | |
| View Flavor Mappings | View flavor mappings. | |
| Manage Flavor Mappings | Create, update, or delete flavor mappings. | |
| View Cloud Zones | View cloud zones, Insights, and alerts. |
|
| Manage Cloud Zones | Create, update, or delete cloud zones. Manage alerts. |
|
| View Requests | View activity requests. | |
| Manage Requests | Delete requests from the list. | |
| View Integrations | View integrations. | |
| Manage Integrations | Create, update, or delete integrations. | |
| View Projects | View projects. | |
| Manage Projects | Create projects. Add users and assign roles in projects. Update, or delete values from project summary, users, provisioning, Kubernetes, integrations, and test project configurations. | |
| View Onboarding Plans | View onboarding plans | |
| Manage Onboarding Plans | Create, update, run, or delete onboarding plans | |
| Catalog | ||
| View Content | ||
| Manage Content | Add, update, delete content sources. Customize the content, including the catalog icons and request forms. |
|
| Policies | ||
| View Policies | View policy definitions. | |
| Manage Policies | Create, update, or delete policy definitions. | |
| Deployments | ||
| View Deployments | View all deployments, including deployment details, deployment history, alerts, and troubleshooting information. |
|
| Manage Deployments | View all deployments, respond to alerts, and run all day 2 actions that the day 2 policies allow an administrator to run on deployments and deployment components. |
|
| Cloud Templates | ||
| View Cloud Templates |
View cloud templates. | |
| Manage Cloud Templates |
Create, update, test, delete, version, share cloud templates, and release/unrelease a cloud template version. | |
| Edit Cloud Templates |
Create, update, test, version, share cloud templates, and release/unrelease a cloud template version. The role does not have permission to delete cloud templates. | |
| Deploy Cloud Templates |
Test and deploy any cloud template in any project. |
|
| Deploy In-line Cloud Template Content |
Deploy any cloud template in the projects that the assignees are associated with. The project roles can be administrator, member, or viewer. |
|
| XaaS | ||
| View Custom Resources | View custom resources. | |
| Manage Custom Resources | Create, update or delete custom resources. | |
| View Resource Actions | View custom actions. | |
| Manage Resource Actions | Create, update, or delete custom actions | |
| Extensibility | ||
| View Extensibility Resources | View events, subscriptions, event topics, actions, workflows, action runs, and workflow runs. | |
| Manage Extensibility Resources | Create, update, delete, and deactivate extensibility subscriptions. Create, update, or delete extensibility actions. Cancel or delete extensibility action runs. |
|
| Pipeline | ||
| Manage Pipelines | Create, edit, and delete pipeline, endpoint, variable, and trigger configurations. Restricted models are excluded. |
|
| Manage Restricted Pipelines | Create, edit, and delete pipeline, endpoint, variable, and trigger configurations. Restricted models are included. |
|
| Manage Custom Integrations | Add, edit, and delete custom integrations. | |
| Execute Pipelines | Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers. | |
| Execute Restricted Pipelines | Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers. Resolve restricted endpoints and variables. |
|
| Manage Executions | Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers. Resolve restricted endpoints and variables. Delete executions. |
|
| Approval | ||
| Manage Approvals | View the Approvals tab where you can approve or reject approval requests. Approver with this role will not receive an email notification about an approval request unless they are an approver in the policy. |
