Setting up permissions in vRealize Automation 8 – Cloud Assembly

After having shown how vRealize Automation can be setup and having added Active Directory in Identity Manager, the next step is to grant access to vRealize Automation to users and groups.

Once again, this can be done in the vRealize Automation portal. If you grant access for the first time, please make sure to use the privileged user account specified during the vRealize Automation deployment. In my case, this was the user configurationadmin.


Identity & Access Management

To asign some roles, let’s click on the Identity & Access Management tab. You can assign roles to individual users or groups. Of course, for the sake of manageability, assigning roles to groups is always recommended, so go ahead to the Enterprise Groups tab.

With the group selected, we can edit roles for vRealize Automation.

If you click on Assign Roles, you can grant access to new users and groups.


Assigning roles

Role types

When assigning roles, you have to bear in mind that there are two different role types

  • Organization Roles
  • Service Roles

Organizational Roles are global in nature. However, you can narrow them down to specific projects and add users to those roles.

Organization Roles

Basically, Organization Roles define permissions within a tenant, while Service Roles determine what kind of functionality can be used.

For Organization Roles, you can choose between Organization Owner and Organization Member. The difference is that only Owner can admin level permissions and can manager other users as well as branding stuff, while members basically have access to all other kind of functionality.

Service Roles

There are Service Roles for Cloud Assembly, Code Stream, Orchestrator and Service Broker

Let’s begin with Cloud Assembly (we will discuss the specific roles of the other services in a later blog post):

  • Cloud Assembly Administrator: Administrators can do everything within Cloud Assembly (including adding cloud accounts, creating new projects, and assigning a project administrator).
  • Cloud Assembly User have the following permissions.


Tab Node or Area View Create Modify/Delete
Infrastructure Configure – Projects Yes (only the projects you are a member of) No No
  Configure – Cloud Zones No No No
  Configure – Flavor Mappings Yes No No
  Configure – Image Mappings Yes No No
  Configure – Network Profiles Yes No No
  Configure – Storage Profiles Yes No No
  Configure – Tags Yes No No
  Resources – Compute Yes No No
  Resources – Network Yes No No
  Resources – Storage Yes No No
  Resources – Machines Yes (only the ones that you deployed) Yes Yes (only the ones that you deployed)
  Resources – Volumes      
  Activity – Requests Yes (only the ones that you deployed) N/A Yes (only the ones that you deployed)
  Activity – Events Yes (only the ones that you deployed) N/A Yes (only the ones that you deployed)
  Connections – Cloud Accounts No No No
  Connections – Integrations      
  Connections – Cloud Proxies      
  Cost – VMC Assessment Yes No No
  Cost – Private Clouds Yes No No
Blueprints Blueprints Yes (only for your projects) Yes (only for your projects) Yes (only for your projects)
Deployments Deployments Yes (only the ones that you deployed) N/A Yes (only the ones that you deployed)

Kommentar absenden

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert