Invite users and manage access to Tanzu Observability.

After you have onboarded Tanzu Observability by Wavefront to VMware Cloud services, your Tanzu Observability service instance is running in your VMware Cloud organization. As an organization owner, you can add users and grant them access to the Tanzu Observability service instance.

To enable users to log in with their corporate credentials, configure enterprise federation for your corporate domain. See the Setting Up Enterprise Federation with VMware Cloud Services guide.

Add a User Account to Your Wavefront Instance

To grant a user access to the Tanzu Observability service instance, organization owners assign Tanzu Observability service roles from the VMware Cloud Services Console.

  • The Tanzu Observability service roles are built-in and not editable.
  • Custom Tanzu Observability service roles are not supported.
  • The organization owner can assign a service role for a certain time period or without an expiration date.
  • The Tanzu Observability service roles grant and deny certain permissions, and nobody can override these permissions in Tanzu Observability.
  • The Tanzu Observability service roles can be combined for the same user and for the same Tanzu Observability service instance.

Tanzu Observability service roles, with their granted permissions, denied permissions, and description:

Super Admin
  • Granted permissions: All
  • Denied permissions: None
  • Description:
    • Has all permissions.
    • Can perform Super Admin tasks.
    • If combined, takes precedence without overriding the other service roles.
    • Not mapped to a role in Tanzu Observability.

Accounts Administrator
  • Granted permissions: Accounts
  • Denied permissions: None
  • Description:
    • Can manage user and service accounts, groups, roles, and API tokens.
    • All other permissions are allowed.
    • Mapped to the Accounts Administrator (built-in) role in Tanzu Observability.

User
  • Granted permissions: Dashboards, Events, Alerts
  • Denied permissions: Accounts
  • Description:
    • Can manage dashboards, events, alerts, maintenance windows, and alert targets.
    • Cannot get the permission for managing accounts, groups, roles, and API tokens.
    • Mapped to the User (built-in) role in Tanzu Observability.

Viewer
  • Granted permissions: None
  • Denied permissions: Accounts, Applications, Alerts, Dashboards, Events, Metrics, Derived Metrics, Proxies, Chart Embedding, SAML IDP Admin
  • Description:
    • Has read-only access.
    • Cannot get permissions for managing accounts and objects.
    • Mapped to the Viewer (built-in) role in Tanzu Observability.

Controlled in Tanzu Observability
  • Granted permissions: None
  • Denied permissions: None
  • Description:
    • Initially, has read-only access.
    • All permissions are allowed.
    • If combined, overrides the Accounts Administrator, User, and Viewer service roles.
    • Not mapped to a role in Tanzu Observability.

  • When you invite a user who doesn’t belong to your organization, you must assign that user:

    • An organization role - organization owner or organization member.
    • A Tanzu Observability service role for the Tanzu Observability service instance.

    See How do I add users to my organization.

  • To invite a user who belongs to your organization, you must edit the user’s roles and add a Tanzu Observability service role for the Tanzu Observability service instance.

    See How do I change user roles.

Each invited user receives an email with an account activation link to sign up to the service instance.
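
The combination rules in the service role table matter during an access review, because a User or Viewer assignment stops being a hard limit once Super Admin or Controlled in Tanzu Observability is assigned to the same user. The following Python sketch is an added example, not VMware code: it reads a constructed list of assignments in a hypothetical (user, role, expires) format, flags those combinations, and also flags Super Admin and Accounts Administrator assignments without an expiration date, which is a review policy assumed here rather than a product rule.

```python
from datetime import date

# Denied permissions per service role, copied from the table on this page.
DENIED = {
    "Super Admin": set(),
    "Accounts Administrator": set(),
    "User": {"Accounts"},
    "Viewer": {"Accounts", "Applications", "Alerts", "Dashboards", "Events",
               "Metrics", "Derived Metrics", "Proxies", "Chart Embedding",
               "SAML IDP Admin"},
    "Controlled in Tanzu Observability": set(),
}
# Per the page: Super Admin takes precedence when combined, and Controlled in
# Tanzu Observability overrides Accounts Administrator, User, and Viewer.
LIFTING = {"Super Admin", "Controlled in Tanzu Observability"}
# Assumed review policy (not a product rule): these roles need an end date.
NEEDS_EXPIRY = {"Super Admin", "Accounts Administrator"}

def review(assignments):
    """Return sorted (user, finding, detail) tuples for an access review."""
    by_user = {}
    for user, role, expires in assignments:
        if role not in DENIED:
            raise ValueError(f"unknown service role: {role!r}")
        by_user.setdefault(user, {})[role] = expires
    findings = []
    for user, roles in by_user.items():
        for role, expires in roles.items():
            if role in NEEDS_EXPIRY and expires is None:
                findings.append((user, "no-expiry", role))
        # Denials that look locked on paper but are lifted by a combined role.
        denied = set().union(*(DENIED[r] for r in roles))
        if denied and LIFTING.intersection(roles):
            findings.append((user, "denial-not-binding", ", ".join(sorted(denied))))
    return sorted(findings)

# Constructed sample in a hypothetical export format: (user, role, expires).
SAMPLE = [
    ("alice@example.com", "Viewer", None),
    ("alice@example.com", "Controlled in Tanzu Observability", None),
    ("bob@example.com", "Super Admin", None),
    ("carol@example.com", "Accounts Administrator", date(2030, 1, 1)),
    ("dave@example.com", "User", None),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding, sep=" | ")
```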

Edit a User Account

A VMware Cloud organization owner can edit the Tanzu Observability service role of a user and change their access level for the Tanzu Observability service instance. See How do I change user roles for more details.

Delete a User Account

You can remove a user’s access to your environment.

In the VMware Cloud Services Console, an organization owner can: