User Permissions

The objective of this lab is to demonstrate the use of custom user role.

We will discuss about Creating the Custom role in vCenter Server,Assigning permissions and then verifying the permissions.

Add a Custom Role

If the predefined administrator roles do not meet your needs, you can combine specific privileges to create your own roles in View Administrator.

Creating a Custom Role

In the Administration panel under Roles click on Create Role icon and give a name to the role.
Fig- Creating Custom Role
Under Privileges pane, Select Datastore, Network, Resource,VM Configuration, VM Interaction and VM Inventory.
Fig- Editing Created Role to set Privileges

Assigning the permissions on vCenter Server Inventory Objects

Permissions are access roles that consist of user and assigned roles for an object.

Permissions are assigned to the VM and Templates, Hosts and Clusters, Datastores and Standard Networks.
To assign the permission just need to click on Add Permission icon and under the displayed box need to select domain name,non-privileged domain account, created custom role name and propagate to children option.
Fig- Adding Permissions to VMs and Templates

Fig- Selecting User groups for ESXi permissions

Fig- Added permissions to standard networks

Verifying the Permissions

To verify the assigned permissions just log in to web-client with the non-privileged user credentials and Go through all the web-client to check them.Only the permitted VM folders will appear.You will be able to create the VM but only under permitted datastore and also will not be able to delete the machine.
fig-Logged in web client with non-privileged user named jass