A role associates a role name with a set of rights. A newly created organization includes a set of predefined roles and rights inherited from the containing cloud. An organization administrator can add new roles or modify predefined roles.

vCloud Director uses roles, and their associated rights, to determine whether a user or group is authorized to perform an operation. When you create or import a user or group, you must assign it a role. You can use one of the predefined roles, or you can create a role from existing rights.

Predefined roles and rights are properties of a cloud. Roles that an organization administrator creates are properties of the organization.


You can create and modify rights associated with extension services, but not those associated with vCloud Director. See Create a Service-Specific Right