vRealize Orchestrator administrators can set permissions that control access to features and content in the vRealize Orchestrator Client. Access rights are separated into user roles and group permissions.

License | Authentication: vSphere | Authentication: vRealize Automation |
---|---|---|
vSphere | Role management is not supported. Groups support only Run permissions. | Role management is not supported. Groups support only Run permissions. |
vRealize Automation | Manage roles in the vRealize Orchestrator Client. | Manage roles through Identity and Access Management in vRealize Automation. See Configure vRealize Orchestrator Client Roles in vRealize Automation. |

Group permissions control what vRealize Orchestrator Client content users can view and use, such as workflows, actions, policies, configuration elements, and resource elements. Access to preconfigured system vRealize Orchestrator content like standard workflows and actions is shared among all users, unless configured otherwise through group permissions.
Access rights of users with administrator and viewer roles are not restricted by group permissions. Access rights of users without an assigned role and users with a workflow designer role depend on the group assigned to them. You can extend the access rights of these users by modifying their group permissions. In this way, you can organize users into common projects. For example, you can create a group that includes users working on developing a custom vRealize Orchestrator plug-in and allow them to modify only content that is specific to their group.

Role | Access Rights |
---|---|
Administrator | Administrators can access all vRealize Orchestrator Client features and content, including the content created by specific groups. Responsible for setting user roles, creating and deleting groups, and adding users to groups. Administrators are not limited by group permissions. Tenant administrators from vRealize Automation environments used to authenticate vRealize Orchestrator have Administrator rights by default. |
Viewer | Viewers have read-only access to all content in the vRealize Orchestrator Client, but cannot create, edit, run, or export content. Viewers can also see all groups and group content. Viewers are not limited by group permissions. The Viewer role overwrites the Workflow Designer role when set to the same user account. |

Role | Group Permissions: No assigned group | Group Permissions: Run | Group Permissions: Run and edit |
---|---|---|---|
Workflow Designer | | | Not available for vRealize Orchestrator instances authenticated with vSphere. |
User without an assigned role | These access rights are granted by default to users in vRealize Automation and vSphere without an assigned vRealize Orchestrator role and group. | | To be able to create, edit, and add content, users in this group must be assigned a Workflow Designer role. Not available for vRealize Orchestrator instances authenticated with vSphere. |