vSphere permissions
Single Sign-On provides authentication, but once authenticated vCenter Server defines the scope of access. Permissions are defined within the vCenter Server inventory hierarchy and consist of three things:
- User/Group: This specifies who has access
- Role: This specifies the user or group's privileges
- Object: This specifies where the user or group can execute their privileges
In order to have permissions, all three of these must be defined.
Defining a custom role
There are three built-in roles: administrator, no access, and read-only. Quite a few sample roles have also been created and are available for use. Custom roles may also be created to fit an organization's needs. To create a custom role:
- Log into the vSphere Web Client as an administrator.
- Navigate to Administration and select Roles underĀ Access Control.
- To create a custom role, click on the Add button (+).
- The Create Role dialog will appear. Go through and select the desired privileges for the role. The...