Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
VMware vSphere 6.7 Cookbook

You're reading from   VMware vSphere 6.7 Cookbook Practical recipes to deploy, configure, and manage VMware vSphere 6.7 components

Arrow left icon
Product type Paperback
Published in Aug 2019
Publisher
ISBN-13 9781789953008
Length 570 pages
Edition 4th Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Abhilash G B Abhilash G B
Author Profile Icon Abhilash G B
Abhilash G B
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Deploying a New vSphere 6.7 Infrastructure FREE CHAPTER 2. Planning and Executing the Upgrade of vSphere 3. Configuring Network Access Using vSphere Standard Switches 4. Configuring Network Access Using vSphere Distributed Switches 5. Configuring Storage Access for Your vSphere Environment 6. Creating and Managing VMFS Datastores 7. SIOC, Storage DRS, and Profile-Driven Storage 8. Configuring vSphere DRS, DPM, and VMware EVC 9. Achieving High Availability in a vSphere Environment 10. Achieving Configuration Compliance Using vSphere Host Profiles 11. Building Custom ESXi Images Using Image Builder 12. Auto-Deploying Stateless and Stateful ESXi Hosts 13. Creating and Managing Virtual Machines 14. Upgrading and Patching Using vSphere Update Manager 15. Securing vSphere Using SSL Certificates 16. Monitoring the vSphere Infrastructure 17. Other Books You May Enjoy

Configuring vCenter Roles and Permissions

By default, the SSO-Domain\Administrators (vsphere.local\Administrators) group is assigned an Administrator role on the vCenter and is defined as a Global Permission. This means that if there were to be more than one vCenter in an Enhanced Linked Mode configuration, then the vsphere\Administrators group will have Administrator role permissions on all the connected vCenters.

The only member of the vsphere.local\Administators group is the SSO administrator (administator@vsphere.local). Users from other identity sources can be added as members of this group if you so desire.

However, in most environments, although multiple vCenters will be managed under a single ELM umbrella, you will sometimes need to provide vCenter-specific permissions. For instance, if you manage multiple vCenters belonging to different customers, then assigning global permissions is not considered ideal. In such cases, you will need to provide user access to specific vCenters only.

In this recipe, we will learn how to assign vCenter permissions to an Active Directory user/group.

Getting ready

Before you set off and assign vCenter permissions, ensure that the domain hosting the intended user/group is added as an identity source. To learn how to add identity sources, read the Configuring SSO identity sources recipe in this chapter.

How to do it...

The following procedure will guide you through the steps required to configure vCenter permissions to a domain user or group:

  1. Log in to the vSphere Client (HTML 5) interface as the SSO administrator.
  2. Select the vCenter object from the inventory, navigate to its Permissions tab, and click + to bring up the Add Permission window:
  1. On the Add Permission window, select a domain user or group using the search box, and then specify a role. You can also choose to propagate the permissions to waterfall down to other inventory objects. Click OK to confirm:
  1. Once done, the user/group should be listed under Permissions.

How it works...

Any user account that is used to log in to the vSphere Web Client needs permission on the vCenter to be able to view and manage its inventory. When configuring global permissions, it is important to ensure that it is propagated to the child objects so that the permissions are set on the vCenter Server(s) as well. Permissions can be configured for both local and Active Directory users, provided that the required identity sources are added to SSO.

You have been reading a chapter from
VMware vSphere 6.7 Cookbook - Fourth Edition
Published in: Aug 2019
Publisher:
ISBN-13: 9781789953008
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image