To give users different levels of access to virtual datacenters (VDCs) in specific providers or datacenters, administrators can assign a default role (with fewer privileges than user roles) for all VDCs in a location. So this is a default value for the VDC role that you can set when you create or edit a VDC, that the administrator can later edit.
To control access for users of a tenant in a provider or cloud location with a default role:
At the provider level, the platform will copy the default role to all provider regions. The default role for a region will apply to all new virtual datacenters in the region.
Users with the Manage roles and No VDC restriction privileges can then edit the role for the virtual datacenter and define exceptions. See Set a VDC role to limit user access.
Troubleshooting VDC creation
The platform may prevent a user from creating a VDC (even when they have the Manage virtual datacenters privilege) if they will not have enough privileges to work with resources in the VDC. This can occur if a restrictive default role will apply to the user. The default role applies to users without the "No VDC restriction" privilege. In order for these users to create a VDC: