vRealize Orchestrator provides different tools and interfaces based on the specific responsibilities of the global user roles. In vRealize Orchestrator you can have users with full rights, that are a part of the administrator group (administrators), developers (workflow designers), troubleshooting users (viewers), and users with limited access.

vRealize Orchestrator user roles are managed in the Role Management menu of the vRealize Orchestrator Client. For more information on configuring user roles in the vRealize Orchestrator Client, see Assign Roles in the vRealize Orchestrator Client in the Using the VMware vRealize Orchestrator Client guide.

Note: For vRealize Orchestrator deployments authenticated with vRealize Automation, or using a vRealize Automation license, user roles are assigned with the Identity and Access Management service of the vRealize Automation platform. See Configure vRealize Orchestrator Client Roles in vRealize Automation in Using the VMware vRealize Orchestrator Client.
User Role Description
Administrator This user has full access to all vRealize Orchestrator platform capabilities and content, including content created by specific groups. Primary administrator user responsibilities include:
  • Installing and configuring vRealize Orchestrator.
  • Adding users to the vRealize Orchestrator Client, assigning roles, and creating and deleting groups. See Create Groups in the vRealize Orchestrator Client in Using the VMware vRealize Orchestrator Client.
  • Creating an integration with a Git repository for the developers in their vRealize Orchestrator environment. See Configure a Connection to a Git Repository in Using the VMware vRealize Orchestrator Client.
  • Troubleshooting their vRealize Orchestrator environment through features like workflow validation and debugging workflow scripts.
Viewer This user has read-only access to all vRealize Orchestrator Client, including all groups and group content. This user can view but cannot create, edit, or run content, or export workflow runs, workflow run logs, or packages. Viewers are not limited by group permissions.
Note: The viewer role is supported only for vRealize Orchestrator instances authenticated with vRealize Automation. This role is not mapped to a vRealize Automation role by default so it must be explicitly assigned to users.
Workflow Designer This user can extend the vRealize Orchestrator platform functionality by creating and editing objects. Workflow designers do not have access to the administrative and troubleshooting features of the vRealize Orchestrator Client. Primary workflow designer responsibilities include:
  • Creating, editing, running, and deleting vRealize Orchestrator objects like workflows, actions, policies, and configuration elements.
  • Scheduling workflow runs. See Schedule Workflows in the vRealize Orchestrator Client in Using VMware vRealize Orchestrator Client.
  • Adding content created by the workflow developer to groups they are assigned to.
  • Pushing local changes to the vRealize Orchestrator content inventory to the connect Git repository. See Push Changes to a Git Repository in Using VMware vRealize Orchestrator Client.
Users with limited rights Users with no assigned role can still log in to the vRealize Orchestrator Client, but have limited access to client features and content. If they are assigned to a group, this user can view and run content included in that group.