Your user role in Service Broker determines what you can see and do. Some roles are defined at the service organization level, and some are specific to Cloud Assembly.
User roles are defined for the organization in the vRealize Automation Cloud console. There are two types of roles, organization roles and service roles.
The organization roles are global and apply to all services in the organization. A user is assigned an Organization Owner or Organization Member role.
For more information about the organization, service, and custom roles, start with the cloud user roles.
The Service Broker service roles, which are service-specific permissions, are also assigned at the organization level in the console.
Service Broker Service Roles
The Service Broker service roles determine what you can see and do in Service Broker. These service roles are defined in the console by an organization owner.
|Service Broker Administrator||Must have read and write access to the entire user interface and API resources. This is the only user role that can perform all tasks, including creating a new project and assigning a project administrator.|
|Service Broker User||Any user who does not have the Service Broker Administrator role. In a Service Broker project, the administrator adds users to projects as project members, administrators, or viewers. The administrator can also add a project administrator.|
|Service Broker Viewer||A user who has read access to see information but cannot create, update, or delete values. Users with the viewer role can see all the information that is available to the administrator. They cannot take any action unless you make them a project administrator or a project member. If the user is affiliated with a project, they have the permissions related to the role. The project viewer role does not extend their permissions the way that the administrator or member role does.|
In addition to the service roles, Service Broker has project roles. Any project is available in all of the services.
The project roles are defined in Service Broker and can vary between projects.
In the following tables, which tell you what the different service and project roles can see and do, remember that the service administrators have full permission on all areas of the user interface.
The following descriptions of project roles will help you as you decide what permissions to give your users.
- Project administrators leverage the infrastructure that is created by the service administrator to ensure that their project members have the resources they need for their development work.
- Project members work within their projects to design and deploy cloud templates. In the following table, "Your projects" can include only resources that you own or resources that are shared with other project members.
- Project viewers are restricted to read-only access.
- Project supervisors are approvers in Service Broker for their projects where an approval policy is defined with a project supervisor approver. To provide the supervisor with context for approvals, consider also granting them the project member or viewer role.
For the Service Broker User columns, the user must be a project administrator to see and do project-related tasks.
|UI Context||Task||Service Broker Administrator||Service Broker Viewer||Service Broker User: Project Administrator||Service Broker User: Project Member||Service Broker User: Project Viewer||Service Broker User: Project Supervisor|
|Access Service Broker|
|Console||In the console, you can see and open Service Broker||Yes||Yes||Yes||Yes||Yes||Yes|
|See and open the Infrastructure tab||Yes||Yes|
|Configure - Projects||Create projects||Yes|
|Update, or delete values from project summary, provisioning, Kubernetes, integrations, and test project configurations.||Yes|
|Add users and groups, and assign roles in projects.||Yes||Yes. Your projects.|
|View projects||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Configure - Cloud Zones||Create, update, or delete cloud zones||Yes|
|View cloud zones||Yes||Yes|
|Configure - Kubernetes Zones||Create, update, or delete Kubernetes zones||Yes|
|View Kubernetes zones||Yes||Yes|
|Connections - Cloud Accounts||Create, update, or delete cloud accounts||Yes|
|View cloud accounts||Yes||Yes|
|Connections - Integrations||Create, update, or delete integrations||Yes|
|Connections - Cloud Proxies||Create, update, or delete cloud proxies||Yes|
|View cloud proxies||Yes||Yes|
|Activity - Requests||Delete deployment request records||Yes|
|View deployment request records||Yes|
|Activity - Event Logs||View event logs||Yes|
|Content and Policies|
|See and open the Content and Policies tab||Yes||Yes|
|Content Sources||Create, update, or delete content sources||Yes|
|View content sources||Yes||Yes|
|Content Sharing||Add or remove shared content||Yes|
|View shared content||Yes||Yes|
|Content||Customize form and configure item||Yes|
|Policies - Definitions||Create, update, or delete policy definitions||Yes|
|View policy definitions||Yes||Yes|
|Policies - Enforcement||View enforcement log||Yes||Yes|
|See and open the Catalog tab||Yes||Yes||Yes||Yes||Yes||Yes|
|View available catalog items||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Request a catalog item||Yes||Yes. Your projects||Yes. Your projects|
|See and open the Resources tab||Yes||Yes||Yes||Yes||Yes||Yes|
|View deployments, including deployment details, deployment history, price, monitor, alerts, optimize, and troubleshooting information||Yes||Yes||Yes. Your projects||Yes. Your projects||Yes. Your projects|
|Manage alerts||Yes||Yes. Your projects||Yes. Your projects|
|Run day 2 actions on deployments based on policies||Yes||Yes. Your projects||Yes. Your projects|
|Resources - All Resources||View all discovered resources||Yes||Yes|
|Run day 2 actions on discovered resources. Actions available only on machines and limited to power on and off for all machines, and remote console for vSphere machines.|
|View deployed and onboarded resources||Yes||Yes||Yes. Your projects.||Yes. Your projects.||Yes. Your projects.|
|Run Day 2 actions on deployed and onboarded resources based on policies||Yes||Yes||Yes. Your projects.||Yes. Your projects.|
|Resources - Virtual Machines||View discovered machines||Yes||Yes|
|Run day 2 actions on discovered machines. Actions are limited to power on and off, and remote console for vSphere machines.|
|Create New VM||Yes|
|View deployed and onboarded resources.||Yes||Yes. Your projects.||Yes. Your projects.||Yes. Your projects.|
|Run day 2 actions on deployed and onboarded resources based on policies||Yes||Yes. Your projects.||Yes. Your projects.|
|Resources - Volumes||View discovered volumes||Yes||Yes|
|No day 2 actions available|
|View deployed and onboarded volumes||Yes||Yes||Yes. Your projects.||Yes. Your projects.||Yes. Your projects.|
|Run day 2 actions on deployed and onboarded volumes based on policies||Yes||Yes. Your projects.||Yes. Your projects.|
|Resources - Networking and Security||View discovered networks, load balancers, and security groups||Yes||Yes|
|No day 2 actions available|
|View deployed and onboarded networks, load balancers, and security groups||Yes||Yes||Yes. Your projects.||Yes. Your projects.||Yes. Your projects.|
|Run day 2 actions on deployed and onboarded networks, load balancers, and security groups based on policies||Yes||Yes. Your projects.||Yes. Your projects.|
|See and open the Approvals tab||Yes||Yes||Yes||Yes||Yes||Yes|
|Respond to approval requests||Yes||Yes. Your projects and the policy approver is Project Administrator||Only if you are a named approver||Only if you are a named approver||Yes. Your projects and the policy approver is Project Supervisor|
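The "Respond to approval requests" row, together with the project supervisor guidance earlier on this page, can be turned into an offline access-review check. This is an added example, not VMware code and not part of the original documentation; the `User` and `ApprovalPolicy` records, the role strings, and the sample names are hypothetical, and a blank table cell is assumed to mean no permission.

```python
from dataclasses import dataclass, field

# Hypothetical records for an offline access review; not a vRealize Automation API.
@dataclass
class User:
    name: str
    service_roles: set = field(default_factory=set)    # "administrator", "viewer", "user"
    project_roles: dict = field(default_factory=dict)  # project name -> set of project roles

@dataclass
class ApprovalPolicy:
    project: str
    approver_type: str                      # "project_administrator", "project_supervisor", "named"
    named_approvers: frozenset = frozenset()

def can_respond(user, policy):
    """Apply the 'Respond to approval requests' row to one user and one policy."""
    if "administrator" in user.service_roles:
        return True  # Service Broker Administrator: Yes
    roles = user.project_roles.get(policy.project, set())
    if "administrator" in roles and policy.approver_type == "project_administrator":
        return True
    if "supervisor" in roles and policy.approver_type == "project_supervisor":
        return True
    if roles & {"member", "viewer"} and user.name in policy.named_approvers:
        return True  # members and viewers: only if a named approver
    return False     # assumption: a blank cell (e.g. Service Broker Viewer) means no

def supervisors_without_context(users, project):
    """Supervisors holding neither the member nor the viewer role in the project."""
    return [u.name for u in users
            if "supervisor" in u.project_roles.get(project, set())
            and not u.project_roles[project] & {"member", "viewer"}]

# Constructed sample data.
USERS = [
    User("alice", {"administrator"}),
    User("bob", {"user"}, {"web": {"administrator"}}),
    User("carol", {"user"}, {"web": {"supervisor"}}),
    User("dave", {"user"}, {"web": {"member"}}),
    User("erin", {"viewer"}),
    User("frank", {"user"}, {"web": {"supervisor", "viewer"}}),
]
BY_SUPERVISOR = ApprovalPolicy("web", "project_supervisor")
BY_NAME = ApprovalPolicy("web", "named", frozenset({"dave"}))

if __name__ == "__main__":
    for policy in (BY_SUPERVISOR, BY_NAME):
        print(policy.approver_type, [u.name for u in USERS if can_respond(u, policy)])
    print("supervisors lacking context:", supervisors_without_context(USERS, "web"))
```

The second function lists supervisors who can approve requests for a project but hold neither of the roles the page suggests for giving them context.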