OnApp supports both custom and default VCD roles. Default roles are mapped by their labels, so do not change the labels of the default user roles in VMware Cloud Director. A custom role does not appear in the user creation wizard unless it exists in all organizations under a given user group. Custom roles are not synchronized between the organizations in a user group, so you must add the same custom role in VCD for every organization in the user group.

To enable all VMware Cloud Director roles on the User Group level, select the Assign vCloud Roles checkbox while creating or editing a user group to which the organization will belong.

Roles created in VCD after the original import are not synchronized into the OnApp CP immediately. The updates appear after the resync that occurs every 24 hours. If you create a role and want to add it to OnApp immediately, you can run a manual sync of VMware Cloud Director.
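
The check below is an added example, not OnApp or VMware code. It applies the two rules above to a role inventory: a custom role must exist in every organization of a user group, and default roles must keep their labels. The organization names, custom role names and the shape of the inventory are assumptions; the default labels are the predefined role names listed on this page.

```python
# Added example, not OnApp or VMware code. Inventory values are constructed.
DEFAULT_ROLE_LABELS = frozenset({
    "Organization Administrator", "Catalog Author", "vApp Author",
    "vApp User", "Console Access Only", "Defer to Identity Provider",
})


def custom_role_gaps(roles_by_org):
    """Map each custom role to the sorted organizations that lack it.

    An empty list means the role exists in every organization of the user
    group, which is the condition for it to be offered in the wizard.
    """
    custom = set()
    for roles in roles_by_org.values():
        custom |= set(roles) - DEFAULT_ROLE_LABELS
    return {
        role: sorted(org for org, roles in roles_by_org.items()
                     if role not in roles)
        for role in sorted(custom)
    }


def missing_default_labels(roles_by_org):
    """Organizations where a default label is absent (heuristic for a
    relabelled default role, which would break label-based mapping)."""
    gaps = {}
    for org, roles in roles_by_org.items():
        missing = DEFAULT_ROLE_LABELS - set(roles)
        if missing:
            gaps[org] = sorted(missing)
    return gaps


# Constructed sample: role labels per organization in one user group.
USER_GROUP = {
    "org-a": DEFAULT_ROLE_LABELS | {"Backup Operator", "Net Auditor"},
    "org-b": DEFAULT_ROLE_LABELS | {"Backup Operator"},
    "org-c": (DEFAULT_ROLE_LABELS - {"vApp User"})
             | {"Backup Operator", "vApp Consumer"},
}

if __name__ == "__main__":
    for role, orgs in custom_role_gaps(USER_GROUP).items():
        print(role, "-> missing in", orgs or "no organization")
    print(missing_default_labels(USER_GROUP))
```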

List of Roles



vCloud Organization Administrator

A user with the predefined Organization Administrator role can manage users and groups in their organization and assign them roles, including the predefined Organization Administrator role. Roles created or modified by an Organization Administrator are not visible to other organizations.


vCloud Catalog Author

The rights associated with the predefined Catalog Author role allow a user to create and publish catalogs.


vCloud vApp Author

The rights associated with the predefined vApp Author role allow a user to use catalogs and create vApps.


vCloud vApp User

The rights associated with the predefined vApp User role allow a user to use existing vApps.


vCloud Console Access Only

The rights associated with the predefined Console Access Only role allow a user to view virtual machine state and properties and to use the guest OS.


vCloud Defer to Identity Provider

Rights associated with the predefined Defer to Identity Provider role are determined based on information received from the user's OAuth or SAML Identity Provider. To qualify for inclusion when a user or group is assigned the Defer to Identity Provider role, a role or group name supplied by the Identity Provider must be an exact, case-sensitive match for a role or group name defined in your organization.

  • If the user is defined by an OAuth Identity Provider, the user is assigned the roles named in the roles array of the user's OAuth token.
  • If the user is defined by a SAML Identity Provider, the user is assigned the roles named in the SAML attribute whose name appears in the RoleAttributeName element, which is in the SamlAttributeMapping element in the organization's OrgFederationSettings.

You must manually assign a role to such users.
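
The matching rule for the Defer to Identity Provider role, as an added example that is not OnApp or VMware code. It collects the names an OAuth or SAML Identity Provider supplied and separates exact matches from names that differ only in case, which do not qualify. The claim dictionaries, the `Groups` attribute name and the user names are constructed assumptions.

```python
# Added example, not OnApp or VMware code. All sample values are constructed.

def idp_supplied_names(claims, idp_type, role_attribute_name=None):
    """Return the role/group names an Identity Provider supplied for a user.

    oauth: the "roles" array of the token payload.
    saml:  the values of the attribute named by RoleAttributeName.
    """
    if idp_type == "oauth":
        values = claims.get("roles", [])
    elif idp_type == "saml":
        if not role_attribute_name:
            raise ValueError("RoleAttributeName must be configured for SAML")
        values = claims.get(role_attribute_name, [])
    else:
        raise ValueError(f"unsupported identity provider type: {idp_type!r}")
    return [values] if isinstance(values, str) else list(values)


def resolve(supplied, org_names):
    """Classify supplied names against names defined in the organization.

    Only exact, case-sensitive matches qualify. Names that differ only in
    case are reported separately so the mismatch can be corrected.
    """
    defined = set(org_names)
    folded = {}
    for name in defined:
        folded.setdefault(name.casefold(), []).append(name)
    result = {"matched": [], "case_mismatch": [], "unknown": []}
    for name in supplied:
        if name in defined:
            result["matched"].append(name)
        elif name.casefold() in folded:
            result["case_mismatch"].append((name, sorted(folded[name.casefold()])))
        else:
            result["unknown"].append(name)
    return result


# Constructed inputs: organization names, an OAuth payload, SAML attributes.
ORG_NAMES = ["Organization Administrator", "vApp Author", "vApp User"]
OAUTH_PAYLOAD = {"sub": "alice", "roles": ["vApp Author", "vapp user", "Auditor"]}
SAML_ATTRIBUTES = {"mail": ["bob@example.test"], "Groups": "Organization Administrator"}

if __name__ == "__main__":
    print(resolve(idp_supplied_names(OAUTH_PAYLOAD, "oauth"), ORG_NAMES))
    print(resolve(idp_supplied_names(SAML_ATTRIBUTES, "saml", "Groups"), ORG_NAMES))
```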

Rights Included in VMware Cloud Director Roles



Except for the Defer to Identity Provider role, each predefined role includes the following set of default rights:

Each right group name below is followed by the rights of each role: Organization Administrator, Catalog Author, vApp Author, vApp User, Console Access Only.

Backups

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Recovery points

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Backup resource zones

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Backup resources

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Buckets

  • Organization Administrator: See details of any bucket
  • Catalog Author: See own bucket
  • vApp Author: See own bucket
  • vApp User: See own bucket
  • Console Access Only: See own bucket

Resource Pools statistics

  • Organization Administrator: See own
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Cross VDC Networks

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Dashboard

  • Organization Administrator: Show cloud dashboard; Show vCloud dashboard
  • Catalog Author: Show cloud dashboard
  • vApp Author: Show cloud dashboard
  • vApp User: Show cloud dashboard
  • Console Access Only: Show cloud dashboard

Data stores

  • Organization Administrator: Any action on data stores; See all data stores
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Disks

  • Organization Administrator: Create a new disk; Destroy any disk; See all disks; Update any disk
  • Catalog Author: Create a new disk; Destroy own disk; See own disks; Update own disk
  • vApp Author: Create a new disk; Destroy own disk; See own disks; Update own disk
  • vApp User: See own disks
  • Console Access Only: See own disks

Edge Gateways

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Firewall rules

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Virtual Server's IP Addresses

  • Organization Administrator: Add IP address to any virtual server; Remove IP address from any virtual server; See IP addresses assigned to any virtual servers
  • Catalog Author: Add IP address to own virtual server; Remove IP address from own virtual server; See IP addresses assigned to own virtual servers
  • vApp Author: Add IP address to own virtual server; Remove IP address from own virtual server; See IP addresses assigned to own virtual servers
  • vApp User: Add IP address to own virtual server; Remove IP address from own virtual server; See IP addresses assigned to own virtual servers
  • Console Access Only: See IP addresses assigned to any virtual servers

Log items

  • Organization Administrator: Delete any log item; See details of any log item
  • Catalog Author: Delete own log item; See details of own log item
  • vApp Author: Delete own log item; See details of own log item
  • vApp User: Delete own log item; See details of own log item
  • Console Access Only: Delete own log item; See details of own log item

Monthly User Billing Statistics

  • Organization Administrator: Full access to user monthly bills statistics; See all monthly user bills statistics
  • Catalog Author: See only own user monthly bills statistics
  • vApp Author: See only own user monthly bills statistics
  • vApp User: See only own user monthly bills statistics
  • Console Access Only: See only own user monthly bills statistics

Monthly User Group Billing Statistics

  • Organization Administrator: Full access to user group monthly bills statistics; See only own user group monthly bills statistics
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

NSX Services

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Org Networks

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

OVAs

  • Organization Administrator: Manage System Service Add-ons
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Payments

  • Organization Administrator: See all payments
  • Catalog Author: See own user payments
  • vApp Author: See own user payments
  • vApp User: See own user payments
  • Console Access Only: See own user payments

Roles

  • Organization Administrator: See all roles
  • Catalog Author: See all roles
  • vApp Author: See all roles
  • vApp User: See all roles
  • Console Access Only: See all roles

Service add-on groups

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Settings

  • Organization Administrator: View OnApp version
  • Catalog Author: View OnApp version
  • vApp Author: View OnApp version
  • vApp User: View OnApp version
  • Console Access Only: View OnApp version

SSH keys

  • Organization Administrator: Add SSH keys for own virtual servers
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Templates

  • Organization Administrator: Manage System Service Add-ons; Manage own System Service Add-ons
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Transactions

  • Organization Administrator: Delete all transactions from log; See details of all transactions
  • Catalog Author: Delete own transactions from logs; See details of own transaction
  • vApp Author: Delete own transactions from logs; See details of own transaction
  • vApp User: Delete own transactions from logs; See details of own transaction
  • Console Access Only: Delete own transactions from logs; See details of own transaction

Tunnels

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

User groups

  • Organization Administrator: See details of any user group
  • Catalog Author: See details of any user group
  • vApp Author: See details of any user group
  • vApp User: See details of any user group
  • Console Access Only: See details of any user group

Users

  • Organization Administrator: Any action on users; Change user password; Change role of other users; See all users; See user bucket; See user hourly prices; See user monthly prices; See user outstanding amount; See user summary payments; See user virtual server prices; Update any user; Generate API key
  • Catalog Author: Change own password; See own users; See user bucket; See user hourly prices; See user monthly prices; See user outstanding amount; See user summary payments; See user virtual server prices; Update own user; Generate own API key
  • vApp Author: Change own password; See own users; See user bucket; See user hourly prices; See user monthly prices; See user outstanding amount; See user summary payments; See user virtual server prices; Update own user; Generate own API key
  • vApp User: Change own password; See own users; See user bucket; See user hourly prices; See user monthly prices; See user outstanding amount; See user summary payments; See user virtual server prices; Update own user; Generate own API key
  • Console Access Only: Change own password; See own users; See user bucket; See user hourly prices; See user monthly prices; See user outstanding amount; See user summary payments; See user virtual server prices; Update own user; Generate own API key

vApp Networks

  • Organization Administrator: Any action
  • Catalog Author: Any action
  • vApp Author: Any action on vApp networks
  • vApp User: Any action on vApp networks
  • Console Access Only: -

vApps

  • Organization Administrator: Any action
  • Catalog Author: Compose vApp; Convert vApp; Create a new vApp; Delete own vApps; Any power action on own vApps; Read own vApps; Edit own vApps
  • vApp Author: Compose vApp; Convert vApp; Create a new vApp; Delete own vApps; Any power action on own vApps; Read own vApps; Edit own vApps
  • vApp User: Delete own vApps; Any power action on own vApps; Read own vApps; Edit own vApps
  • Console Access Only: Read own vApps

vCloud Permissions

  • Organization Administrator: Administrator Control
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Catalogs

  • Organization Administrator: Create a new Catalog; Delete any Catalog; Read any Catalog; Update any Catalog
  • Catalog Author: Create a new Catalog; Delete own Catalogs; Read own Catalogs; Update any Catalog
  • vApp Author: Read own Catalogs
  • vApp User: -
  • Console Access Only: -

Media

  • Organization Administrator: Any action
  • Catalog Author: Any action
  • vApp Author: See any Media
  • vApp User: See any Media
  • Console Access Only: See any Media

vCloud NAT rules

  • Organization Administrator: Create nat rules; Delete any nat rule; See any nat rule; Edit any nat rule
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Provider Resource Pools

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Orchestration Models

  • Organization Administrator: Any action
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

VCloud User Credentials

  • Organization Administrator: See own VCloud User Credentials; Update own VCloud User Credentials
  • Catalog Author: See own VCloud User Credentials; Update own VCloud User Credentials
  • vApp Author: See own VCloud User Credentials; Update own VCloud User Credentials
  • vApp User: See own VCloud User Credentials; Update own VCloud User Credentials
  • Console Access Only: See own VCloud User Credentials; Update own VCloud User Credentials

vApp Templates

  • Organization Administrator: Any action
  • Catalog Author: Create any vApp templates; See own vApp templates
  • vApp Author: See own vApp templates
  • vApp User: -
  • Console Access Only: -

Resource pool

  • Organization Administrator: Any action; Manage Firewalls; Read any Resource Pool
  • Catalog Author: -
  • vApp Author: -
  • vApp User: -
  • Console Access Only: -

Virtual Server Snapshots

  • Organization Administrator: Any action
  • Catalog Author: Create or restore own virtual server snapshot; Destroy own virtual server snapshot; See own virtual server snapshots
  • vApp Author: Create or restore own virtual server snapshot; Destroy own virtual server snapshot; See own virtual server snapshots
  • vApp User: Create or restore own virtual server snapshot; Destroy own virtual server snapshot; See own virtual server snapshots
  • Console Access Only: -

Virtual Servers

  • Organization Administrator: Any action; Console to any virtual server; Destroy any virtual server; Install VMware Tools; Migrate own virtual server; Any power action on virtual servers; Read any virtual server; Read virtual server's root password; Manage recipes joins for all virtual servers; Manage recipes joins for own virtual servers; Select resources manually on virtual server creation; Manage Service Add-ons for all virtual servers; Manage Service Add-ons for own virtual servers; Set SSH keys; Manage System Service Add-ons; Manage own System Service Add-ons; Allow insert/eject media for all virtual server; Allow insert/eject media for own virtual server; Unlock any virtual server; Update all virtual server
  • Catalog Author: Console to own virtual server; Destroy own virtual server; Install VMware Tools; Any power action on own virtual servers; Read own virtual servers; Read own virtual server's root password; Allow insert/eject media for own virtual server; Unlock any virtual server; Update own virtual server
  • vApp Author: Console to own virtual server; Destroy own virtual server; Install VMware Tools; Any power action on own virtual servers; Read own virtual servers; Read own virtual server's root password; Allow insert/eject media for own virtual server; Unlock any virtual server; Update own virtual server
  • vApp User: Console to own virtual server; Destroy own virtual server; Install VMware Tools; Any power action on own virtual servers; Read own virtual servers; Read own virtual server's root password; Allow insert/eject media for own virtual server; Unlock any virtual server; Update own virtual server
  • Console Access Only: Console to own virtual server; Install VMware Tools; Read own virtual servers; Read own virtual server's root password; Allow insert/eject media for own virtual server; Unlock any virtual server

Virtual Machine Statistics

  • Organization Administrator: See Virtual Machine Statistics; See all Virtual Machines Statistics
  • Catalog Author: See own Virtual Machines Statistics
  • vApp Author: See own Virtual Machines Statistics
  • vApp User: See own Virtual Machines Statistics
  • Console Access Only: See own Virtual Machines Statistics