This is part of VCP7-CMA study guide – Objective 2.4: Manage User and Group Role Assignments.

Official Blueprint-

---

Knowledge

• Explain the roles available to vRealize Automation and vRealize Business
• Assign roles to individual users for a given design
• Assign roles to directory groups for a given design
• Create vRealize Automation custom groups and assign roles

Tools

• Foundations and Concepts
• Installing vRealize Automation 7.0
• Configuring vRealize Automation
• Managing vRealize Automation
• Installing and Configuring vRealize Automation for the Rainpole Scenario

---

Explain the roles available to vRealize Automation and vRealize Business

• User Roles Overview –Official VMware vRealize Automation 7.0 Documentation
• VMware vRealize Automation 7.x User Roles – blog post by Ranjna Aggarwal.

Assign roles to individual users for a given design

See “Assign roles to directory groups for a given design”.

Assign roles to directory groups for a given design

Prerequisites

Log in to the vRealize Automation console as a tenant administrator.

Procedure

1. Select Administration > Users & Groups > Directory Users & Groups.
2. Enter a user or group name in the Search box and press Enter.Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
3. Click the name of the user or group to which you want to assign roles.
   
4. Select one or more roles from the Add Roles to this User (or Group, the process is the same) list.The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
   
5. (Optional) Click Next to view more information about the user or group.
6. Click Update Finish.

Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

 Source – Assign Roles to Directory Users or Groups

Create vRealize Automation custom groups and assign roles

Tenant administrators can create custom groups by combining other custom groups, identity store groups, and individual identity store users.
You can assign roles to your custom group, but it is not necessary in all cases. For example, you can create a custom group called Machine Specification Approvers, to use for all machine pre-approvals. You can also create custom groups to map to your business groups so that you can manage all groups in one place. In those cases, you do not need to assign roles.

Prerequisites

Log in to the vRealize Automation console as a tenant administrator.

Procedure

1. Select Administration > Users & Groups > Custom Groups.
2. Click the Add icon ().
   
3. Enter a group name in the New Group Name text box.
   Custom group names cannot contain the combination of a semicolon (;) followed by an equal sign (=).
4. (Optional) Enter a description in the New Group Description text box.
5. Select one or more roles from the Add Roles to this Group list.
   The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
   
6. Click Next.
7. Add users and groups to create your custom group.
   
   1. Enter a user or group name in the Search box and press Enter.
      Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
   2. Select the user or group to add to your custom group.
8. Click Add Finish.

Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

 Source – Create a Custom Group