vRealize Automation 7.x User Roles Overview
Roles consist of a set of privileges that can be associated
with users to determine what tasks they can perform. Based on their
responsibilities, individuals might have one or more roles associated with
their user account. 
All
user roles are assigned within the context of a specific tenant. However, some
roles in the default tenant can manage system-wide configuration that applies
to multiple tenants. 
System-Wide Role Overview
System-wide roles are typically assigned to an IT system
administrator. In some organizations, the IaaS administrator role might be the
responsibility of a cloud administrator
System
Administrator
The system administrator is typically the person who installs vRealize Automation and is responsible for ensuring its
availability for other users. The system administrator creates tenants and
manages system-wide configuration such as system defaults for branding and
notification providers. This role is also responsible for monitoring system
logs. 
In
a single-tenant deployment, the same person might also act as the tenant
administrator. 
IaaS
Administrator
IaaS administrators manage cloud, virtual, networking, and storage
infrastructure at the system level, creating and managing endpoints and
credentials, and monitoring IaaS logs. IaaS administrators organize
infrastructure into tenant-level fabric groups, appointing the fabric
administrators who are responsible for allocating resources within each tenant
through reservations and reservation, storage, and networking policies.
System-Wide Roles and Responsibilities
Users with system-wide roles manage configurations that can apply to
multiple tenants. The system administrator is only present in the default
tenant, but you can assign IaaS administrators to any tenant. 
| 
Role
    | 
Responsibilities
    | 
How
   Assigned  | 
| 
System Administrator  | 
 | 
Built-in administrator credentials
  are specified when configuring single sign-on.  | 
| 
IaaS Administrator  | 
 | 
The system administrator
  designates the IaaS administrator when configuring a tenant.  | 
Tenant Role Overview 
Tenant roles typically have responsibilities that are limited to a
specific tenant and cannot affect other tenants in the system 
| 
Tenant
   Role Overview  | ||
| 
Role
    | 
Description
    | |
| 
Tenant Administrator  | 
Typically a line-of-business
  administrator, business manager, or IT administrator who is responsible for a
  tenant. Tenant administrators configure vRealize Automation for the needs of
  their organizations. They are responsible for user and group management,
  tenant branding and notifications, and business policies such as approvals
  and entitlements. They also track resource usage by all users within the
  tenant and initiate reclamation requests for virtual machines.  | |
| 
Fabric Administrator  | 
Manages physical machines and
  compute resources assigned to their fabric groups and creates and manages the
  reservations and policies associated with those resources within the scope of
  their tenant. They also manage property groups, machine prefixes, and the
  property dictionary that are used across all tenants and business groups.  
Note:  
If you add the fabric
  administrator role to a system-wide role such as IaaS administrator or system
  administrator, the fabric administrator can create reservations for any
  tenant, not just their own.  | |
| 
Blueprint Architects  | 
Umbrella term for the individuals
  who are responsible for creating blueprint components and assembling the
  blueprints that define catalog items for consumers to request from the
  service catalog. These roles are typically assigned to individuals in the IT
  department, such as architects or analysts.  | |
| 
Catalog Administrator  | 
Creates and manages catalog
  services and manages the placement of catalog items into services.  | |
| 
Approval Administrator  | 
Defines approval policies. These
  policies can be applied to catalog requests through entitlements that a
  tenant administrator or business group manager manage.  | |
| 
Approver  | 
Any user of vRealize Automation,
  for example, a line manager, finance manager, or project manager, can be
  designated as an approver as part of an approval policy.  | |
| 
Business Group Manager  | 
Manages one or more business
  groups. Typically a line manager or project manager. Business group managers
  entitlements for their groups in the service catalog. They can request and
  manage items on behalf of users in their groups.  | |
| 
Support User  | 
A role in a business group.
  Support users can request and manage catalog items on behalf of other members
  of their groups.  | |
| 
Business User  | 
Any user in the system can be a
  consumer of IT services. Users can request catalog items from the service
  catalog and manage their provisioned resources.  | |
| 
Health Consumer  | 
Any user of vRealize Automation,
  for example, a line manager, finance manager, or project manager, can be
  designated as a Health Consumer with read-only privileges for Health Service
  reports.  | |
Tenant Roles and
Responsibilities in vRealize Automation
You can assign tenant
roles to users in any tenant. The roles have responsibilities that are specific
to that tenant.
Tenant Roles and Responsibilities
| 
Role
    | 
Responsibilities
    | 
How
   Assigned  | 
| 
Tenant administrator  | 
 | 
The system administrator
  designates a tenant administrator when creating a tenant. Tenant
  administrators can assign the role to other users in their tenant at any time
  from the Administration tab.  | 
| 
Fabric administrator  | 
 | 
The IaaS administrator designates
  the fabric administrator when creating or editing fabric groups.  | 
| 
Application architect  
To successfully add software
  components to the design canvas, you must also have business group member,
  business group administrator, or tenant administrator role access to the
  target catalog.  | 
 | 
Tenant administrators can assign
  this role to users in their tenant at any time from the Administration tab.  | 
| 
Infrastructure architect  
To successfully add software
  components to the design canvas, you must also have business group member,
  business group administrator, or tenant administrator role access to the
  target catalog.  | 
 | 
Tenant administrators can assign this
  role to users in their tenant at any time from the Administration tab.  | 
| 
XaaS architect  | 
 | 
Tenant administrators can assign
  this role to users in their tenant at any time from the Administration tab.  | 
| 
Software architect  
To successfully add software
  components to the design canvas, you must also have business group member,
  business group administrator, or tenant administrator role access to the
  target catalog.  | 
 | 
Tenant administrators can assign
  this role to users in their tenant at any time from the Administration tab.  | 
| 
Container architect  | 
 | 
Tenant administrators can assign
  this role to users and groups in their tenant at any time from the Administration
  tab.  | 
| 
Container administrator  | 
Use all available options in the Containers
  tab, including the following tasks:  
 | 
Tenant administrators can assign
  this role to users and groups in their tenant at any time from the Administration
  tab.  | 
| 
Catalog administrator  | 
 | 
Tenant administrators can assign
  this role to users in their tenant at any time from the Administration tab.  | 
| 
Business group manager  | 
 | 
The tenant administrator
  designates the business group manager when creating or editing business
  groups.  | 
| 
Shared access user  | 
 | 
The tenant administrator
  designates the shared access users when creating or editing business groups.  | 
| 
Approval administrator  | 
 | 
Tenant administrators can assign
  this role to users in their tenant at any time from the Administration tab.  | 
| 
Approver  | 
 | 
The tenant administrator or
  approval administrator creates approval policies and designates the approvers
  for each policy.  | 
| 
Support user  | 
 | 
The tenant administrator
  designates the support user when creating or editing business groups.  | 
| 
Business user  | 
 | 
The tenant administrator
  designates the business users who can consume IT services when creating or
  editing business groups.  | 
| 
Health Consumer  | 
 | 
The IaaS administrator designates
  privilege to any role..  | 
| 
Security administrator  | 
 | 
Tenant administrators can assign
  this role to users in their tenant at any time from the Administration tab.  | 

 


























 
