vCloud Air includes predefined roles that apply to tenant users accessing the vCloud API. Each of these roles grants a set of vCloud Director rights.

Most catalog operations are restricted to administrators.

Rights Associated With Catalogs

Account Administrator

Virtual Infrastructure Administrator

Network Administrator

Subscription Administrator

Read-Only Administrator

End User

Add a vApp from my cloud

YES

YES

No

No

No

YES

Change owner

YES

No

No

No

No

No

Create or delete a catalog

YES

YES

No

No

No

No

Edit catalog properties

YES

YES

No

No

No

No

Share a catalog

YES

YES

No

No

No

No

View private and shared catalogs in your organization

YES

YES

No

No

YES

YES

View shared catalogs from other organizations

YES

YES

No

No

YES

YES

End users can view catalog items or use them to create vApps. Other catalog item operations are restricted to administrators.

Rights Associated With Catalog Items

Account Administrator

Virtual Infrastructure Administrator

Network Administrator

Subscription Administrator

Read-Only Administrator

End User

Copy or move a vApp template or media item

YES

YES

No

No

No

No

Upload OVF or media

YES

YES

No

No

No

No

Edit vApp template or media properties

YES

YES

No

No

No

No

View vApp templates or media

YES

YES

No

No

YES

YES

Add to my cloud

YES

YES

No

No

No

YES

Download a vApp template

YES

No

No

No

No

No

End users can view independent disks that administrators create and modify.

Rights Associated With Independent Disks

Account Administrator

Virtual Infrastructure Administrator

Network Administrator

Subscription Administrator

Read-Only Administrator

End User

Change disk owner

YES

YES

No

No

No

No

Create or delete a disk

YES

YES

No

No

No

No

Edit disk properties

YES

YES

No

No

No

No

View disk properties

YES

YES

No

No

YES

YES

End users have a wide variety of permissions to create and modify vApps.

Rights Associated With vApps

Account Administrator

Virtual Infrastructure Administrator

Network Administrator

Subscription Administrator

Read-Only Administrator

End User

Change vApp owner

YES

YES

No

No

No

No

Copy a vApp

YES

YES

No

No

No

YES

Create, delete, or reconfigure a vApp

YES

YES

No

No

No

YES

Download a vApp

YES

No

No

No

No

No

Edit vApp properties

YES

YES

No

No

No

YES

Edit Vm CPU, hard disk, or memory

YES

YES

No

No

No

YES

Edit Vm network connections

YES

YES

No

No

No

YES

Edit Vm properties

YES

YES

No

No

No

YES

Manage Vm password settings

YES

YES

No

No

No

YES

Start, stop, suspend, or reset a vApp

YES

YES

No

No

No

YES

Share a vApp

YES

YES

No

No

No

YES

Create, revert or remove a vApp snapshot

YES

YES

No

No

No

YES

Upload OVF to create a vApp

YES

YES

No

No

No

YES

Access Vm console

YES

YES

No

No

No

YES

View Vm metrics

YES

YES

No

No

YES

YES

Most operations that created or modify organizations, organization VDCs, and organization VDC networks are restricted to administrators.

Rights Associated with Organizations, VDCs, and Networks

Account Administrator

Virtual Infrastructure Administrator

Network Administrator

Subscription Administrator

Read-Only Administrator

End User

Set default storage profile

YES

No

No

No

No

No

Modify or delete an organization VDC

YES

YES

No

No

No

No

View organization VDC properties

YES

YES

YES

No

YES

YES

Create a VDC from a template

YES

YES

No

No

No

No

View a VDC template

YES

YES

No

No

YES

No

Edit organization VDC network properties

YES

No

YES

No

No

No

View organization VDC networks

YES

YES

YES

No

YES

YES

Edit lease policy

YES

No

No

No

No

No

Edit organization properties

YES

No

No

No

No

No

Edit quotas policy

YES

No

No

No

No

No

View organizations

YES

YES

No

No

YES

YES

View organization VDC network properties

YES

YES

YES

No

YES

YES

Configure Edge Gateway services

YES

No

YES

No

No

No

List external IP addresses allocated for the Edge Gateway

YES

No

YES

No

No

No

Add external IP addresses to, or remove them from, the list allocated to the Edge Gateway

YES

No

YES

No

No

No

Convert Edge Gateway to Advanced Networking

YES

No

YES

No

No

No

Manage Distributed Firewall

YES

No

YES

No

No

No