As a Cloud Assembly administrator, you can create custom roles that define what users can see and do in vRealize Automation. You can then assign users to those roles.
Customer user role permissions
Using Cloud Assembly, you can define more granular user roles and then assign users to those roles. The custom roles have two categories, view and manage.
- View. A user assigned to a role with this permission can see all the items for all projects in the selected sections of the user interface. This role is useful for users who need to see accounts, configurations, or assigned values.
- Manage. A user assigned to a role with this permission can see all the items and has full add, edit, and delete permissions for all projects in the selected sections of the user interface.
These permissions extend the privileges that are granted by the other roles and are not restricted by project membership. For example, you can expand a project administrator's permissions to manage parts of the infrastructure or give a service viewer an ability to review and respond to approvals requests.
How do I create custom user roles
To define the user roles and assign users, open Cloud Assembly or Service Broker as a service administrator. You cannot configure the custom roles in Code Stream, however the roles apply to all the services.
- Select .
- Click New Custom Role and enter a unique Name that you can identify when you assign users to the role.
- Select the check boxes that correspond to the permissions you want the users to have over the resources.
- Click Create.
- In the list, click the custom role name and click Assign.
- Add the users or groups that you want to have this role and click Add.
How do I determine what custom roles the users have
To manage the users with the custom roles, you can review the users and groups.
- Select .
- Review the Custom Roles column to locate users with the role.
- To add or remove roles for a user, click the user's name and then modify the custom role assignments.
Custom Role Descriptions
In most cases the role description is provided in the user interface. However, there are some extended descriptions provided in the following table.
User Interface | Permission | Description |
---|---|---|
Infrastructure | ||
View Cloud Accounts. | View cloud accounts. | |
Manage Cloud Accounts | Create, update, or delete cloud accounts. | |
View Image Mappings | View image mappings. | |
Manage Image Mappings | Create, update, or delete image mappings. | |
View Flavor Mappings | View flavor mappings. | |
Manage Flavor Mappings | Create, update, or delete flavor mappings. | |
View Cloud Zones | View cloud zones, Insights, and alerts. |
|
Manage Cloud Zones | Create, update, or delete cloud zones. Manage alerts. |
|
View Requests | View activity requests. | |
Manage Requests | Delete requests from the list. | |
View Integrations | View integrations. | |
Manage Integrations | Create, update, or delete integrations. | |
View Projects | View projects. | |
Manage Projects | Create projects. Add users and assign roles in projects. Update, or delete values from project summary, users, provisioning, Kubernetes, integrations, and test project configurations. | |
View Onboarding Plans | View onboarding plans | |
Manage Onboarding Plans | Create, update, run, or delete onboarding plans | |
Catalog | ||
View Content | ||
Manage Content | Add, update, delete content sources. Customize the content, including the catalog icons and request forms. |
|
Policies | ||
View Policies | View policy definitions. | |
Manage Policies | Create, update, or delete policy definitions. | |
Deployments | ||
View Deployments | View all deployments, including deployment details, deployment history, alerts, and troubleshooting information. |
|
Manage Deployments | View all deployments, respond to alerts, and run all day 2 actions that the day 2 policies allow an administrator to run on deployments and deployment components. |
|
Cloud Templates | ||
View Cloud Templates |
View cloud templates. | |
Manage Cloud Templates |
Create, update, test, delete, version, share cloud templates, and release/unrelease a cloud template version. | |
Edit Cloud Templates |
Create, update, test, version, share cloud templates, and release/unrelease a cloud template version. The role does not have permission to delete cloud templates. | |
Deploy Cloud Templates |
Test and deploy any cloud template in any project. |
|
Deploy In-line Cloud Template Content |
Deploy any cloud template in the projects that the assignees are associated with. The project roles can be administrator, member, or viewer. |
|
XaaS | ||
View Custom Resources | View custom resources. | |
Manage Custom Resources | Create, update or delete custom resources. | |
View Resource Actions | View custom actions. | |
Manage Resource Actions | Create, update, or delete custom actions | |
Extensibility | ||
View Extensibility Resources | View events, subscriptions, event topics, actions, workflows, action runs, and workflow runs. | |
Manage Extensibility Resources | Create, update, delete, and deactivate extensibility subscriptions. Create, update, or delete extensibility actions. Cancel or delete extensibility action runs. |
|
Pipeline | ||
Manage Pipelines | Create, edit, and delete pipeline, endpoint, variable, and trigger configurations. Restricted models are excluded. |
|
Manage Restricted Pipelines | Create, edit, and delete pipeline, endpoint, variable, and trigger configurations. Restricted models are included. |
|
Manage Custom Integrations | Add, edit, and delete custom integrations. | |
Execute Pipelines | Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers. | |
Execute Restricted Pipelines | Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers. Resolve restricted endpoints and variables. |
|
Manage Executions | Run pipeline model executions and triggers, and pause, cancel, resume, or re-run the executions and triggers. Resolve restricted endpoints and variables. Delete executions. |
|
Approval | ||
Manage Approvals | View the Approvals tab where you can approve or reject approval requests. Approver with this role will not receive an email notification about an approval request unless they are an approver in the policy. |