VCF 9.0 introduces a more granular RBAC model to support complex operational requirements. To meet the first requirement regarding cluster lifecycle management, the administrator must assign the Cluster Administrator role to the operations group. This role provides the specific permissions needed to perform actions such as scaling, patching, and modifying the configuration of Supervisor or TKG clusters. By scoping this at the cluster level (or within the project containing those clusters), the operations group is empowered to maintain the resources without having broad administrative access to other organizational settings. For the second requirement, the Security Administrator role in NSX must be assigned to the network administrators group. By scoping this to the project, the network admins can manage distributed firewall rules, gateway policies, and security profiles specific to that project's VPCs while being prevented from interfering with the compute lifecycle managed by the operations team. This separation of duties is essential for large-scale enterprise deployments to prevent unauthorized security changes or accidental cluster disruptions.