Each vCloud Director predefined role contains a default set of rights required to perform operations included in common workflows. By default, all predefined global tenant roles are published to every organization in the system.
By default, the provider roles that are local only to the provider organization are the System Administrator and Multisite System roles. System administrators can create additional custom provider roles.
By default, the predefined global tenant roles and the rights they contain are published to all organizations. System Administrators can unpublish rights and global tenant roles from individual organizations. System Administrators can edit or delete predefined global tenant roles. System administrators can create and publish additional global tenant roles.
Each predefined role is initially linked to a role template that specifies the set of rights in the role. You cannot create role templates or new predefined roles, but you can unlink a role in your organization from the template on which it was based. Unlinking a predefined role in your organization from its template prevents the role from being affected if a system administrator edits the set of rights in the template by modifying the predefined role. You can also relink an unlinked role in your organization to its template. See View or Modify Role Template Linkage.
Except for the Defer to Identity Provider role, each predefined role includes a set of default rights. Only a System Administrator can modify the rights in a predefined role. If a System Administrator modifies a predefined role, the modifications propagate to all instances of the role in the system.
Predefined roles and new roles created by the Organization Administrator are listed in the RoleReferences element of the AdminOrg response. To view the list of rights included in a role, make a request like this one, where org-id is the UUID of the organization and role-id is the UUID of the role.
GET https://vcloud.example.com/api/admin/org/org-id/role/role-id
You can also use the adminRole query and filter on the organization UUID.
GET https://vcloud.example.com/api/query?type=adminRole&format=records&filter=org==https://vcloud.example.com/api/org/org-id
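As an added example (not part of the vCloud Director documentation), the Python code below parses a Role document of the kind the first request returns and compares its rights against an approved baseline, which helps spot a role that has drifted after being unlinked from its template. The sample XML, role name, baseline, and the RightReferences/RightReference element names in the vCloud 1.5 namespace are assumptions; confirm them against a real response from your API version.

```python
import xml.etree.ElementTree as ET

# vCloud API XML namespace (assumption: the 1.5 schema namespace).
NS = {"vc": "http://www.vmware.com/vcloud/v1.5"}

# Constructed sample response; role name, ids and hrefs are placeholders.
SAMPLE_ROLE_XML = """\
<Role xmlns="http://www.vmware.com/vcloud/v1.5"
      name="Catalog Reviewer (constructed)"
      href="https://vcloud.example.com/api/admin/org/org-id/role/role-id">
  <Description>Constructed sample role</Description>
  <RightReferences>
    <RightReference name="Catalog: View Private and Shared Catalogs within Current Organization"
                    href="https://vcloud.example.com/api/admin/right/right-id-1"/>
    <RightReference name="Catalog: Allow External Publishing / Subscriptions for the Catalogs"
                    href="https://vcloud.example.com/api/admin/right/right-id-2"/>
  </RightReferences>
</Role>"""

# Constructed baseline: the rights this role is approved to hold.
BASELINE = {
    "Catalog: View Private and Shared Catalogs within Current Organization",
    "Service Library: View Services Making Up the Service Library",
}


def role_rights(role_xml):
    """Return (role name, set of right names) from a Role document."""
    root = ET.fromstring(role_xml)
    refs = root.findall("vc:RightReferences/vc:RightReference", NS)
    return root.get("name"), {ref.get("name") for ref in refs}


def audit_role(role_xml, baseline):
    """Report rights granted beyond the baseline and baseline rights absent."""
    name, rights = role_rights(role_xml)
    return {
        "role": name,
        "unexpected": sorted(rights - baseline),
        "missing": sorted(baseline - rights),
    }


if __name__ == "__main__":
    report = audit_role(SAMPLE_ROLE_XML, BASELINE)
    for key in ("unexpected", "missing"):
        for right in report[key]:
            print(f"{report['role']}: {key} right: {right}")
```

Running the same comparison for every role returned by the adminRole query gives a per-organization view of which roles hold rights beyond what was approved.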
Various rights are common to multiple predefined global roles. These rights are granted by default to all new organizations, and are available for use in other roles created by the Organization Administrator.
Catalog: Allow External Publishing / Subscriptions for the Catalogs
Catalog: Share a Catalog to Users / Groups within Current Organization
Catalog: View Private and Shared Catalogs within Current Organization
Custom Entity: View All Custom Entity Instances in Organization
Organization: Implicitly Import User/Group from IdP while Editing VDC ACL
Organization vDC: Edit Organization VDC Name and Description
Organization vDC: View Compute Policies for an Organization VDC
Service Library: View Services Making Up the Service Library
VM Monitoring: View historic metrics for the Organization VDC