What are the vRealize Automation user roles

vRealize Automation has several levels of user roles. These different level control access to the organization, the services, the projects that produce or consume the cloud templates, catalog items, and pipelines, and the ability for uses to use or see individual parts of the user interface. These different levels give cloud administrators different tools to apply any level of granularity that is required by their operational needs.

General role descriptions

The user roles are defined at different levels. The service level roles are defined for each service.

More details for the service roles is provided below this table.

Role	General permissions	Where the role is defined
Organization Owner	Can access the console and add users to organization. The organization owner cannot access a service unless they have a service role. More about the Organization User Roles	Organization console
Organization Member	Can access the console. The organization member cannot access a service unless they have a service role. More about the Organization User Roles	Organization console
Service Administrator	Can access the console and has full view, update, and delete privileges in the service. More about Cloud Assembly roles More about Service Broker roles More about Code Stream roles More about vRA Migration Assistant roles More about vRealize Orchestrator roles More about the SaltStack Config role	Organization console
Service User	Can access the console and the service with limited permissions. The service member has limited user interface. What they can see or do depends on their project membership. More about Cloud Assembly roles More about Service Broker roles More about Code Stream roles	Organization console
Service Viewer	Can access the console and the service in a view-only mode. More about Cloud Assembly roles More about Service Broker roles More about Code Stream roles More about vRA Migration Assistant roles More about vRealize Orchestrator roles	Organization console
Executor ( Code Stream only)	Can access the console and manage pipeline executions. More about Code Stream roles	Organization console
Orchestrator Workflow Designer (Orchestrator only)	Can create, run, edit, and delete their own vRealize Orchestrator Client content. Can add their own content to their assigned group. Does not have access to the administration and troubleshooting features of the vRealize Orchestrator Client. More about vRealize Orchestrator roles	Organization console
Project roles	Can view and manage project resources depending on project role. Project roles include administrator, member, and viewer. More about project roles	Cloud Assembly, Service Broker, and Code Stream
Custom roles	The permissions are defined by the Cloud Assembly Administrator for all the services. The user must have at least a service viewer role in the relevant services so that they can access the service. The custom roles take precedence over the service roles. More about custom roles	Cloud Assembly and Service Broker
Infrastructure administrator built-in role	Gives predefined permissions for tasks in vRealize Automation . More about the Infrastructure Administrator role	Using the API