Configuration details | Read Only, Administrator, and No access are preconfigured roles in vCenter.
1. Log in to vSphere as an Administrator.
2. Go to the menu and select Administration.
3. Configuring a custom role
   A. Under Access Control, go to Roles.
   B. To add a new/custom role, select NEW.
   C. Fill out the Name and Description of the role.
   D. For the Networking and VM custom role, select all of the check boxes under the Virtual machine, Network, Host, Resource, and Datastore privileges.
   E. Press CREATE when done configuring the role.
4. The next step is to configure role-based access control for preset and created roles.
   A. Still under Access Control, go to Global Permissions.
   B. Select the + or Add button.
   C. Change Domain to the correct Domain.
   D. Find the user or group associated with that domain that you want to assign roles to.
   E. Change to or select Role.
   F. Select Propagate to Children.
   G. Select OK.
5. Repeat steps 4A–4F to add remaining roles.
Related documentation: vSphere Permissions and User Management Tasks |
Verification steps | - No access: Used for restricting granted access: User4@vsphere.local. Confirm that the user cannot access vSphere Client.
- Read-only: The user is created with the read-only role. This role does not possess the right to create VMs or change configs, but only to view them: User3@vsphere.local.
  - Confirm that the user can view information of VMs.
  - Confirm that the user is not able to create VMs.
- Network and VM User (Custom Role): The permissions have been set so that the user in this role can create VMs, change certain settings, and set up networking for VMs. Confirm that the user can create VMs and network VMs, but is not able to perform administrative tasks, such as changing other users' permissions.
- Administrator: Full access rights: User1@vsphere.local. Confirm that the user is not prevented from any actions and is synonymous with Admin.
|
Helpful tips | - Carefully delegate access to both local users and AD users.
- Try to use AD users to reduce management of local vSphere users.
|
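
The custom role step under Configuration details, together with the custom-role check under Verification steps, can also be scripted with VMware PowerCLI. The following is an added example, not part of the original page or VMware's documentation. It assumes PowerCLI is installed, uses a placeholder server name, takes the role name from the verification row, and assumes the five privilege groups ticked in the UI correspond to the privilege ID prefixes listed in `$prefixes`. It does not assign Global Permissions.

```powershell
# Added example: create the custom role and confirm it cannot change permissions.
$server   = 'vcenter.example.test'   # placeholder, replace with your vCenter
$roleName = 'Network and VM User'    # assumed name, from the verification row

# Assumption: these ID prefixes match the Virtual machine, Network, Host,
# Resource, and Datastore groups selected in the UI.
$prefixes = 'VirtualMachine', 'Network', 'Host', 'Resource', 'Datastore'
$pattern  = '^(' + ($prefixes -join '|') + ')\.'

Connect-VIServer -Server $server | Out-Null
try {
    # Every individual privilege whose ID falls under one of the five groups.
    $privs = Get-VIPrivilege -PrivilegeItem |
        Where-Object { $_.Id -match $pattern }
    if (-not $privs) { throw "No privileges matched pattern $pattern" }

    # Create the role only if it does not exist yet, so reruns are harmless.
    $role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
    if (-not $role) {
        $role = New-VIRole -Name $roleName -Privilege $privs
    }

    # Check 1: nothing outside the five groups. vCenter adds the System.*
    # baseline privileges to every role, so those are ignored.
    $unexpected = $role.PrivilegeList |
        Where-Object { $_ -notmatch $pattern -and $_ -notmatch '^System\.' }

    # Check 2: the role must not be able to change other users' permissions.
    $adminPrivs = $role.PrivilegeList |
        Where-Object { $_ -match '^Authorization\.' }

    if ($unexpected -or $adminPrivs) {
        Write-Warning "Role '$roleName' is broader than intended:"
        @($unexpected) + @($adminPrivs) | Sort-Object -Unique |
            ForEach-Object { Write-Warning "  $_" }
    } else {
        Write-Output "Role '$roleName' holds $($role.PrivilegeList.Count) privileges, none administrative."
    }
}
finally {
    Disconnect-VIServer -Server $server -Confirm:$false
}
```

Rerunning the script after later role edits repeats both checks and shows whether the role has drifted beyond the five selected groups.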