Each user must have a unique account with one or more roles assigned to enforce a role-based security when they use vRealize Operations. You create a user account, and assign the account to be a member of one or more user groups to allow the user to inherit the roles and objects associated with the user group.

Where You Find the Access Control Options

You can manage user accounts and their associated user groups, roles, and passwords.

From the left menu, click Administration, and then click the Access Control tile.

Table 1. Access Control Tabs
Option Description

User Accounts

Add, edit, remove, or import vRealize Operations user accounts from an LDAP database, and manage user roles, their membership in groups, and the objects assigned for association with the user. Import user accounts from an LDAP database that resides on another machine.

vCenter Server users who are logged in to vRealize Operations, either logged in directly or through the vSphere Client, appear in the list of user accounts.

User Groups

Add, edit, or remove, or import vRealize Operations user groups, update the members in a group and the associated objects that they can access. Import user groups from an LDAP database or a single sign-on database that resides on another machine.

vRealize Operations continuously synchronizes the user membership of imported LDAP user groups when the autosync option is enabled in the LDAP configuration.


For users to perform actions in vRealize Operations, they must be assigned specific roles. With role-based access, when you assign a role to a user, you are determining not only what actions the user can perform in the system, but also the objects upon which those actions can be performed while holding the role. For example, to import or export a policy, the role assigned to your user account must have the Import or Export permissions enabled for policy management.

Password Policy

Manage local user passwords, set the criteria for account lockout, password strength, and the password change policy settings.