Custom Roles

Custom Roles are a great way to design how you want grant permissions to a matching role within your organization.  Perhaps an operations team or cloud architect role rather than selecting a bunch of default roles to assign to the group.  Let’s take a moment and look at the default roles within vRealize Automation.

Custom roles are not a complete replacement for the default roles as some of these roles relate to permissions that are outside the purview of Cloud Assembly custom roles.  Let’s look at the permissions that can be assigned to a custom role.

Infrastructure

• View Cloud Accounts – View cloud accounts.
• Manage Cloud Accounts – Create, update, delete, and view cloud accounts.
• View Image Mappings – View image mappings.
• Manage Image Mappings – Create, update, delete, and view image mappings.
• View Flavor Mappings – View flavor mappings.
• Manage Flavor Mappings – Create, update, delete, and view flavor mappings.
• View Cloud Zones – View cloud zones.
• Manage Cloud Zones – Create, update, delete, and view cloud zones.
• View Requests – View request statuses, event logs and details of requests.
• Manage Requests – View and delete request statuses, view event logs and details of requests.
• View Integrations – View integrations.
• Manage Integrations – Create, update, delete, and view integrations.
• View Projects – View projects.
• Manage Projects – Create and view projects. Add users and assign roles in projects. Edit cloud zones in projects (in combination with any cloud zone permission).
• View Onboarding Plans – View onboarding plans.
• Manage Onboarding Plans – Create, update, delete, and view onboarding plans.

Catalog

• View Content – View content, content sources, and content sharing.
• Manage Content – Add, update, delete, and view content sources. Share content. Customize the content, including the catalog icons and request forms.

Policies

• View Policies – View policy definitions.
• Manage Policies – Create, update, delete, and view policy definitions.

Deployments

• View Deployments – View all deployments, including deployment details, deployment history, and troubleshooting information.
• Manage Deployments – View all deployments and their resources and run all day 2 actions that the day 2 policies allow to run on deployments and their resources. Also, allow Create VM operation in resource center.

Cloud Templates

• View Cloud Templates – View cloud templates.
• Manage Cloud Templates – Create, update, delete, version, view, share cloud templates, and release/unrelease a cloud template version.
• Edit Cloud Templates – Create, update, version, view, share cloud templates, and release/unrelease a cloud template version. Delete is not available.
• Deploy Cloud Templates – Deploy any cloud template.
• Deploy In-line Cloud Template Content – Deploy any in-line cloud template content.
• View property groups – View any property groups
• Manage property groups – Create, view, update and delete any property groups

XaaS

• View Custom Resources

View custom resources.

• Manage Custom Resources – Create, update, delete, and view custom resources.
• View Resource Actions – View custom actions.
• Manage Resource Actions – Create, update, delete, and view custom actions.

Extensibility

• View Extensibility Resources – View events, subscriptions, event topics, actions, workflows, action runs, and workflow runs.
• Manage Extensibility Resources – Create, update, delete, view, and disable extensibility subscriptions. Create, update, delete, and view extensibility actions. Cancel or delete extensibility action runs.

Pipeline

• Manage Pipelines – Create, edit, delete, and view pipelines, endpoints, variables, and triggers configurations. Read custom integrations. Restricted variables and endpoints are excluded.
• Manage Restricted Pipelines – Create, edit, delete, and view pipelines, endpoints, variables, and triggers configurations. Read custom integrations. Restricted variables and endpoints are included.
• Manage Custom Integrations – Create, edit, delete and view custom integrations.
• Execute Pipelines – Run pipelines and triggers. Pause, cancel, resume, and re-run executions or triggers.
• Execute Restricted Pipelines – Run pipelines and triggers. Pause, cancel, resume, and re-run executions or triggers. Resolve restricted endpoints and variables.
• Manage Executions – Run pipelines and triggers. Pause, cancel, resume, and re-run executions or triggers. Resolve restricted endpoints and variables. Delete executions.

Approval

• Manage Approvals – View the Approvals tab where you can approve or reject approval requests.

Now that we have all this information in front of us and have an idea of what we need to setup for our custom role, let’s go ahead and set one up.

To begin configuring a custom role, click on Infrastructure > Custom Roles > New Custom Role as shown in the image.

Configuration:

• Name – Provide a clear and concise name for your role.  If you plan to create several custom roles it may be best to also include a level of access like ‘admin’ or ‘user’ in the name similar to the default roles to make sure that you can make the distinction going forward while maintaining these role assignments and permissions.
• Description – <optional> Provide any additional detail that will help you know exactly what this role is capable of to prevent any mishaps of assigning it to the wrong group of users.
• Permissions – These are the list of permissions we laid out above.  Assign all the needed permissions for this new custom role.