You can assign users-specific roles to perform actions and view features and objects in vRealize Operations. With role-based access, users can only perform the actions that their permissions allow.

Where You Manage User Roles

  1. To manage user roles, from the left menu, click Administration, and then click the Access Control tile.
  2. Click the Roles tab.

You can view and edit details about a role, by selecting a role in the summary grid, and clicking the Edit icon in the Roles toolbar.

Table 1. Access Control Roles Summary Grid
Option Description

Roles toolbar

To manage roles, use the toolbar icons.
  • Click the Add icon. to add a user role, and provide the name and description for the role in the Create Role dialog box.
  • Click the Vertical Ellipses to perform any one of the following actions:
    • Edit. Edit the selected user role, and modify the details for the role in the Edit Role dialog box.
    • Clone. Clone the selected user role
    • Delete. Delete a user role.

Role Name

Name of the role to apply to a specific level of users, such as user for base users or administrator for users with administrative permissions.

Role Description

Description of the role, indicating its purpose.

Modified By Indicates the last person to update the role.
Last Modified Indicates the last time the role was updated.

You can view details for the user accounts and user groups associated with a selected role in the Details panes.

Table 2. Access Control Roles Details Panes
Option Description

User Accounts

The users assigned to the selected role. The information in this pane is based on the data entered when you created the user, or imported with the user.
  • First Name. Indicates the first name of each user who is assigned this role.
  • Last Name. Indicates the last name of each user who is assigned this role.
  • User name , without spaces, that will log in to vRealize Operations

  • Email. Indicates the email address for each user who is assigned this role.

User Groups

The user groups assigned the selected role.
  • Group Name: Name of each group that is associated with the selected role.
  • Members: Number of members in each group.


Displays the permissions assigned to the role according to five categories: Administration, Alerts, Dashboards, Environment, and Home. Expand the tree of each category to view all the assigned permissions.

You can edit the permissions assigned to the role by clicking the Edit icon.

  • Click the Expand All button to expand the trees of all three categories, and select the check boxes to apply permissions for the selected role.
  • To assign all the available permissions to the selected role, select the Administrative Access - all permissions check box.

These actions, named Delete Unused Snapshots for Datastore Express and Delete Unused Snapshots for VM Express appear. However, they can only be run in the user interface from an alert whose first recommendation is associated with this action. You can use the REST API to run these actions.

The following actions are also not visible except in the alert recommendations:
  • Set Memory for VM Power Off Allowed
  • Set CPU Count for VM Power Off Allowed
  • Set CPU Count and Memory for VM Power Off Allowed
These actions are intended to be used to automate the actions with the Power Off Allowed flag set to true.