Access controls and configuring roles and permissions
Roles are a set of one or more privileges, which allow access to specific tasks and are generally clubbed together with other privileges related to it. List of roles can be viewed from the Administration | Roles pane in vSphere Web Client. All roles are equally prioritized and no role is superior or subordinate to another role.
The administrator needs to set up proper access controls to stop virtual machines from being vulnerable to attacks, as any user can delete or modify the guest operation system or make changes to any of the folders. These access controls can be managed and configured using Roles and Permissions.
Permissions define the access limitation to the particular object in the inventory. Every object in the inventory has the permissions tab from where it can be managed. Granting permission to any user for any object can be done from the Permissions tab by selecting the Add Permission option.