Hi if is possible that VMC console don't have read-only user ?
I would need perform some training for juniors and would like give them access to VMC console (to start learning) but according what i see and read in documentation https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-83DC... i can configure for VMC NSX Cloud Auditor only together with Administrator (delete restricted) role.
I would like prevent some adding hosts or create additional subscription...or even rename cluster... but buttons looks like are still active...
Actually to access the VMC console you have 4 roles: Administrator, Administrator (Deleted Restricted) NSX Cloud Auditor and NSX Cloud Admin, but unfortunately there is no Read Only mode by default.
You can play a bit with more the Flexible Permissions Model for Role-Based Access so you have the ability to create custom roles from a subset of the privileges from the current CloudAdmin role to offer more granular role-based access to vCenter objects but not directly to the console.
Other option is add your AD as Identity Source to VMC and then you will able to assign your own AD users with the ReadAmin role. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-cente...
Last but not least and best option is that you can setting up Federated Identity Management which allows you to control authentication to your organization by assigning organization and service roles to the groups synced from your corporate domain. You can also set up multi-factor authentication as part of federation access policy settings.
To enable federation you need to create a support ticket and our Support Team will assist you trough the entire process.
Hope this help.