Tanzu Operations Manager 3.0

PDF

Platform operator roles and permissions in Tanzu Operations Manager

Last Updated March 13, 2025

This topic describes the roles and permissions of the operator user type in a VMware Tanzu Operations Manager and Tanzu Platform for Cloud Foundry deployment.

There are various user types in Tanzu Operations Manager and Tanzu Platform for CF deployments. Roles are assigned categories that more specifically define functions that a user can perform. For more information about user types in Tanzu Platform for CF, see Tanzu Platform for CF User Types.

Operators are users who run a deployment and have admin privileges. Operators are also referred to as “Tanzu Operations Manager admins” and “runtime admins” because they perform an admin role in these contexts.

Operator tools and tasks

Operators fulfill system admin roles covering the entire deployment. They work primarily with their IaaS and Tanzu Operations Manager to configure and maintain Tanzu Platform for CF runtime component VMs. The component VMs support the VMs that host apps.

Typical operator tasks include:

  • Deploying and configuring Tanzu Operations Manager, runtimes, and other product and service tiles

  • Maintaining and upgrading Tanzu Platform for CF deployments

  • Creating user accounts for Tanzu Platform for CF users and the orgs that the users work in

  • Creating service plans that define the access granted to end users

Operator user accounts

When Tanzu Operations Manager starts up for the first time, the operator specifies one of the following authentication systems for operator user accounts:

  • Internal authentication, using a new UAA database that Tanzu Operations Manager creates
  • External authentication, through an existing identity provider accessed through SAML protocol

The operator can then use the UAA CLI (UAAC) to create more operator accounts. For more information, see Creating and managing Tanzu Operations Manager user and client accounts.

Operator roles and permissions

The following table summarizes the operator user type, including their roles, the tools they use, the System of Record (SOR) that stores their accounts, and the accounts they can provision.

User type Available roles Tools they use Account SOR Accounts they can provision
Operator
  • UAA admin
  • SSO plan admin
  • Other system admins
  • IaaS UI
  • Broadcom Support portal
  • Tanzu Operations Manager
  • Cloud Foundry CLI (cf CLI)
  • UAA CLI (UAAC)
  • SSO Dashboard
  • Marketplace
Tanzu Operations Manager user store through UAA
  or
External store through SAML		 Operators and Tanzu Platform for CF runtime users