Creating more effective account credential ownership and building upon the recent API token with OAuth standards, VMware Cloud Director (VCD) v10.4 introduces Service Accounts, as an alternative to user accounts, which allows standalone access for automation and third-party applications/tools (e.g. plugins) to VMware Cloud Director. Service Accounts have access via API only and no UI access. Service accounts can be created either in system or tenant context, however, only the system administrators by default can create them. In case an organization administrator/user needs the ability to create Service Accounts for their organization, then view and manage rights can be granted to allow this.
Using this capability Cloud Director administrators and tenant administrators can effectively grant service accounts the right to 3rd party applications and integrations, making it far easier to manage who is executing tasks by not using a user account for such processes. This means there are no better controls over who does what and accountability that can be seen in the UI or API over actions.
Watch this Feature Friday to understand more about Service Accounts and how you can use them.
Source