From what I can see, although vRO gives the ability to create permissions on who can run what workflow, it doesn't come with predefined set of roles that you can assign users to such as vCenter does.
I don't want to have to figure out for every single workflow how does that map to existing security policy and one-by-one determine what users should be able to run what workflows.
Has anyone thought of a way to create role based access control in vRO? For example:
storage admins: Can run workflows that interface with WFA, VIPR and VMware snapshots and virtual disks
network admins: Can run workflows that integrate with network monitoring tools
VMware admins: Can run all workflows against vCenter
VMware operators: Can run worfklows that perform reporting against vCenter and basic VM operations like removing CD rom drives, but can't make any other changes.
I'm using "share a unique session", so vCenter permissions don't apply, on the permissions on the service account that the unique sessions uses. That service account has to have full admin rights in vCenter.
How can I create these "roles" in vRO so I can assign user accounts to them and then associate the workflow permissions with roles instead of individual users, like I would in vCenter?