As a vRealize Automation Cloud organization owner, you are responsible for managing the access and the budget for your infrastructure resources. You have a team of cloud template developers who iteratively create and deploy templates for different projects until they are ready to deliver to their consumers. You then deliver the deployable resources to the consumers in a catalog.

This use case assumes that you understand that use case 1 is an administrator-only use case. You now want to expand your system to support more teams and larger goals.

  • Let developers create and deploy their own application cloud templates during development. You add yourself as administrator, then add additional users with both the service user and the service viewer role. Next, you add the users a as project members. The project members can develop and deploy their own cloud templates.
  • Publish cloud templates to a catalog where you make them available for non-developers to deploy. Now you are assigning user roles for Service Broker. Service Broker provides a catalog for the cloud template consumers. You can also use it to create policies, including leases and entitlements, but that functionality is not part of this user role use case.

Prerequisites

Procedure

  1. Assign organization member roles to your cloud template developer users.
    If you need instructions, see the previous use case.
  2. Assign the Cloud Assembly service member role to your cloud template developers.
    1. Click Add Service Access.

      Organization member and service member.
    2. Configure the user with the following value.
      Service Role
      Cloud Assembly

      Cloud Assembly User

      Cloud Assembly Cloud Assembly Viewer
      In this use case, your developers need to see the infrastructure to ensure that they are building deployable cloud templates. As users that you will assign as project administrators and project members in the next step, they cannot see the infrastructure. As service viewers they can see how the infrastructure is configured, but cannot make any changes. As the cloud administrator, you remain in control, but give them access to the information they need to develop cloud templates.
  3. Create projects in Cloud Assembly that you use to group resources users.
    In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
    1. In the console, click the Services tab, and then click Cloud Assembly.
    2. Select Infrastructure > Projects > New Project.
    3. Enter PersonnelAppDev as the name.
    4. Click Users, and then click Add Users.
    5. Add project members and assign a project administrator.
      Project Role Description
      Project User A project member is the primary developer user role in a project. Projects determine what cloud resources are available when you are ready to test your development work by deploying a cloud template.
      Project Administrator A project administrator supports their developers by adding and removing users for your projects. You can also delete your projects. To create a project, you must have service administrator privileges.
    6. For the users that you are adding as project members, enter the email address of each user, separated by a comma, and select User in the Assign role drop-down menu.
      For example, tony@mycompany.com,sylvia@mycompany.com.

      List of project members and the administrator.
    7. For the designated administrators, select Administrator in the Assign role drop-down menu and provide the necessary email address.
    8. Click the Provisioning tab and add one or more cloud zones.
      When the cloud template developers who are part of this project deploy a template, it is deployed to the resources available in the cloud zones. You must ensure that the cloud zone resources match the needs of the project development team templates.
    9. Repeat the process to add the PayrollAppDev project with the necessary users and an administrator.
  4. Provide the service user with the necessary login information and verify that the members of each project can do the following tasks.
    1. Open Cloud Assembly.
    2. See the infrastructure across all projects.
    3. Create a cloud template for the project that they are a member of.
    4. Deploy the cloud template to the cloud zone resources defined in the project.
    5. Manage their deployments.
  5. Assign organization member roles to your cloud template developer users.
    If you need instructions, see the first use case.
  6. Assign roles to a catalog administrator, catalog consumers, and cloud template developers based on their job.
    1. Click Add Service Access.
    2. Configure the catalog administrator with the following value.
      This role might be you, the cloud administrator, or it might be someone else on your application development team.
      Service Role
      Service Broker

      Service Broker Administrator

    3. Configure the cloud template consumers with the following value.
      Service Role
      Service Broker

      Service Broker User


      Configure the service user.
    4. Configure the cloud template developers with the following value.
      Service Role
      Cloud AssemblyCloud Assembly

      Cloud Assembly User

  7. Create projects in Cloud Assembly that you use to group resources and users.
    In this use case, you create two projects. The first project is PersonnelAppDev and the second is PayrollAppDev.
    If you need instructions, see the previous use case.
  8. Create and release cloud templates for each project team.
    If you need instructions, see the first scenario.
  9. Import a Cloud Assembly cloud template into Service Broker.
    You must log in as a user with the Service Broker Administrator role.
    1. Log in as a user with the Service Broker Administrator role.
    2. In the console, click Service Broker.
    3. Select Content and Policies > Content Sources, and click New.

      Configure the content source.
    4. Select Cloud Assembly Cloud Template.
    5. Enter PersonnelAppImport as the name.
    6. In the Source project drop-down menu, select PersonnelAppDev and click Validate.
    7. When the source is validated, click Create and Import.
    8. Repeat for PayrollAppDev using PayrollAppImport as the content source name.
  10. Share an imported cloud template with a project.
    Although the cloud template is already associated with a project, you share it in Service Broker to make it available in the catalog.
    1. Continue as a user with the Service Broker administrator role.
    2. In Service Broker, select Content and Policies > Content Sharing.
    3. Select the PersonnelAppDev project, which includes the users who must be able to deploy the cloud template from the catalog.
    4. Click Add Items and then select the PersonnelApp cloud template to share with the project members.

      Select the cloud templates for sharing.
    5. Click Save.
  11. Verify that the cloud template is available in the Service Broker catalog to the project members.
    1. Request that a project member log in and click the Catalog tab.

      Locate the catalog item.
    2. Click Request on the PersonnelApp cloud template card.
    3. Complete the form and click Submit.
  12. Verify that the project member can monitor the deployment process.
    1. Request that the project member select Resources > Deployments and locate their provisioning request.

      Locate the deployment.
    2. When the cloud template is deployed, verify that the requesting user access the application.
  13. Repeat the process for the additional projects.

Results

In this use case, recognizing that need to delegate the cloud template development to the developers, you add more organization members. You made them Cloud Assembly users. You then made them members of relevant projects so that they can create and deploy cloud templates. As project members, they cannot see or alter the infrastructure that you continue to manage, but you gave them full service viewer permissions sot that they could understand the constraints of infrastructure that they are designing for.

In this use case, you configure users with various roles, including the Service Broker administrator and users. You then provide the non-developer users with the Service Broker catalog.

What to do next

To learn how to define and assign custom roles to user, see User role use case 3: Set up vRealize Automation Cloud custom user roles to refine system roles.