A role associates a role name with a set of rights. A newly created organization includes a set of predefined roles and rights inherited from the system. A system administrator can add new roles or modify predefined roles.

vCloud Director uses roles, and their associated rights, to determine whether a user or group is authorized to perform an operation. When you create or import a user or group, you must assign it a role.


You can create and modify rights associated with extension services, but not those associated with vCloud Director. See Create a Service-Specific Right