As a vRealize Automation organization owner or service administrator, you manage user access using the organization and service system roles. However, you also want to create custom roles to that selected users and perform tasks or see content that is outside of their system roles.
This scenario assumes that you understand the service user and viewer, and the project member and viewer roles that are defined in use case 2. You can see that they are more restrictive than the service and project administrator roles used in use case 1. Now you have identified some local use cases where you want some users to have full management permissions to on some features, view permissions on others, and you do not want them to even view yet another set of features. You use custom roles define those permission.
- Restricted Infrastructure Administrator. You want some service users, who are not service administrators, to have broader infrastructure permissions. As the administrator, you want them to help set up cloud zones, images, and flavors. You also want them to be able on on-board and manage discovered resources. Notice they cannot add cloud accounts or integrations, they can only define the infrastructure for those endpoints.
- Extensibility Developer. You want some service users to have full permissions to use the extensibility actions and subscriptions as part of cloud template development for their project team and for other projects. They will also develop custom resource types and custom actions for multiple projects.
- XaaS Developer. You want some service users to have full permissions to develop custom resource types and custom actions for multiple projects.
- Deployment Troubleshooter. You want your project administrators to have permissions they need to troubleshoot and perform root cause analysis on failed deployments. You give them manage permissions on non-destructive or less expensive categories such as image and flavor mappings. You also want the project administrators to have permission to set approvals and day 2 policies as part of the failed deployment troubleshooting role.
Prerequisites
- Review the Cloud Assembly and Service Broker service roles and project roles tables in What are the vRealize Autmoation Cloud user roles. You must understand what each service user role can see and do in those services.
- Review the Custom Roles descriptions so that you know more about how you can refine the permissions for your users.
- Review the first use case so that you understand organization roles and the service administrator roles. See User role use case 1: Set up the vRealize Automation user roles to support a small application development team.
- Review the second use case so that you understand the service user and project member roles. See User role use case 2: Set up vRealize Automation user roles to support larger development teams and the catalog.
- Familiarize yourself with Service Broker. See Adding content to the catalog.
Procedure
Results
In this use case, you configure different users with various roles, including custom roles that expand their service and project roles.
What to do next
Create custom roles that address your local use cases.