Administrators add new users in Virtual Private Cloud OnDemand and assign one or more roles to them. User roles have a default group of privileges.

A user in Virtual Private Cloud OnDemand can either have administrator privileges or end user privileges, but not both. The roles are mutually exclusive with the exception of the Network Administrator and Virtual Infrastructure Administrator roles; meaning, you can assign a user to the Network Administrator and Virtual Infrastructure Administrator roles, or the Account Administrator, Read-Only Administrator, or End User role.

Specialized administrator roles allow you to assign one or multiple individuals to perform these tasks.

Description of the Administrative Roles

Administrative Role

Description and Privileges

Cannot Do

Ideal For

Account Administrators

Account Administrators can perform all actions in Virtual Private Cloud OnDemand, including manage users, virtual data centers, networking resources, and access My VMware to manage the Virtual Private Cloud OnDemand account.

Managing all aspects of your Virtual Private Cloud OnDemand environment and account management, including logging into My VMware to manage your VMware account and view Virtual Private Cloud OnDemand billing statements.

Virtual Infrastructure Administrators

Virtual Infrastructure Administrators can add and modify virtual data centers in Virtual Private Cloud OnDemand. Virtual Infrastructure Administrators can manage virtual machines. They can also view gateways, networks, and users.

Manage users, networks, or gateways.

Manage the environment, including virtual machines across users, add vApps and media to your company's catalog, and create virtual data centers.

Network Administrators

Network Administrators can manage networks and gateways. Network Administrators can also view virtual data centers, virtual machines, and users.

Manage users, virtual data centers, or add vApps and media to your company's catalog.

Network administration.

Read-only Administrators

Read-only Administrators can view but not alter settings in administration areas. Read-only Administrators can view virtual data centers, virtual machines, gateways, networks, and users.

Add or edit virtual data centers, networks, gateways, users, or vApps and media in your company's catalog.

All personnel with purchasing and support responsibilities.

End users create and manage virtual machines within virtual data centers. As a member of the End User role, you can perform the following tasks:

Add virtual machines based on a template from the VMware Public Catalog and from My Catalog, your organization's custom templates.

Create a virtual machine in Virtual Private Cloud OnDemand and vCloud Director.

Power on, power off, reset, and suspend virtual machines in a virtual data center.

Use snapshots of virtual machines.

Delete virtual machines from a virtual data center.

Note

End users can create virtual machines but they cannot configure network security policies to grant Internet access to the virtual machines they create. End users must contact their Network Administrator to set up firewall rules and NAT to allow external (Internet) access to their virtual machines. End Users can use the VMRC console to manage their virtual machines that do not have Internet access. Log Into a Virtual Machine Guest OS with the Console.

For more information about end user access to Virtual Private Cloud OnDemand, see End User Virtual Machine Access. See also Environment Setup and Catalog Access for an overview of administrator access and tasks in Virtual Private Cloud OnDemand.

Virtual Private Cloud OnDemand provides single sign-on access to the vCloud Director portal. In vCloud Director, administrators can perform advanced management of virtual data centers, and end users can perform advanced management of virtual machines.

For a detailed mapping of the the roles in Virtual Private Cloud OnDemand (and other vCloud Air offerings from VMware) to the roles in vCloud Director, see Understanding user roles within VMware vCloud Air (2053484).

In My VMware, your Virtual Private Cloud OnDemand account is managed by three roles:

Super User

Procurement Contact

Administrators with Subscription Services permissions

See Understanding user permissions in My VMware (2006977) and Roles in My VMware (2016898) for information.

As an Account Administrator, you can access My VMware from Virtual Private Cloud OnDemand without needing to log into My VMware. From the Tools menu, select Billing and Payments. My VMware opens in a new browser tab and displays your account information. See the My VMware Help (My VMware Get Help Icon) for information.