Default Roles
The following roles are system roles that are automatically added to CloudControl. These roles are all view-only. If you want to modify a default role, you must clone it first.
Role Name | Role Description |
---|---|
ASC_SuperAdmin | The default super administrator role. Can perform all operations. |
ASC_CloudAdmin | The default cloud administrator role. Can perform all operations assigned to the cloud administrator for any of your CloudControl-protected environments. |
ASC_CloudControlAuditor | View-only privileges in CloudControl. |
ASC_ContainerInfraAdmin | Full access to create/edit/delete/connect operations on pod/deployment/service/namespace/node resources of Kubernetes, OpenShift, and VMware Tanzu cluster(s). |
ASC_ContainerSecurityAdmin | Full access to all security controls related operations in CloudControl to author and manage the security posture of Kubernetes, OpenShift, and VMware Tanzu cluster(s) resources. Can log into CloudControl, manage trust manifests, and perform configuration hardening tasks, but cannot add clusters to CloudControl. |
ASC_DevopsUsers | Can perform Kubernetes CRUD operations on pods, deployments and services. |
ASC_NetworkEngineer | Full access to most networking resources, including logical switches, transport zones, and IP pools. Read-only access to core security-related resources. |
ASC_NetworkOperator | Read and write access to most networking resources including logical switches, transport zones, and IP pools. Read-only access to core security-related resources. |
ASC_LoadBalancerAdmin | Full access to load balancer-related networking resources. |
ASC_VPNAdmin | Full access to VPN networking resources. |
ASC_SecurityAuditor | Read-only access to security-related resources. |
ASC_SecurityOperator | Read-only access to security operations. |
ASC_SecurityAdmin | Full access to security-related resources including firewalls, security groups, IP sets, MAC sets, and services. |
ASC_SupervisorClusterAdmin | Can perform vSphere proxy CRUD operations on VMware Tanzu supervisor cluster and namespaces related operations. |
ASC_StorageAdmin | Full access to all storage operations. |
ASC_NetworkAdmin | The default network administrator role. Can manage virtual networks, virtual switches, and VLANs. |
ASC_VMPowerUser | Can start, stop, and suspend VMs, view and change most virtual machine configuration settings, and take snapshots. |
ASC_DatacenterAdmin | Can perform actions on all resources within datacenters. |
ASC_HostAdmin | Can perform ESXi host maintenance, management, and configuration. |
ASC_BoundaryControlUser | The Boundary Control role. This role has privileges to authorize keys from KeyControl based on the boundary control trust manifest. |