Assign Cloud Assembly and Service Broker User Roles

Aside from assigning users at the project level, you must also assign the organisation role to users within vRealize Automation Identity and Access Management service. You assign roles so users have access to their required vRealize Automation services. In this use case, the services are Cloud Assembly and Service Broker.

You can assign roles in vRealize Automation when you first log in as an administrator by navigating to Identity and Access Management and assigning the required service roles to the user. For more information on editing user roles from the vRealize Automation user interface, see How do I edit user roles in vRealize Automation in Administering vRealize Automation.

You can also assign roles by using a POST API call that uses the /csp/gateway/portal/api/orgs/${ORGANISATION_ID}/groups URL.

{
 "ids": [
 "${GROUP_ID}"
 ],
 "organizationRoleNames": [
 "org_member"
 ],
 "serviceRoles": [
 {
 "serviceDefinitionId": "${CLOUD_ASSEMBLY_SERVICE_ID}",
 "serviceRoleNames": [
 "automationservice:user"
 ]
 },
 {
 "serviceDefinitionId": "${SERVICE_BROKER_SERVICE_ID}",
 "serviceRoleNames": [
 "catalog:user"
 ]
 }
 ]
}