Cloud administrators may wish to differentiate user access between providers, or even for specific virtual datacenters (VDCs) and the new VDC roles feature provides this finer access control. For example, users may have full access to private cloud and read only access to public cloud.
Administrators assign roles directly to VDCs. When cloud users from the tenant access a VDC with a role, the platform replaces their user role with the VDC role.
Administrators can also create exceptions for specific cloud users.
Of course, the platform never allows the user to assume more privileges through a VDC role or an exception.