Permissions for vCenter and vCenter Operations Manager
One of the difficulties for a new administrator is working out how to control which objects a particular user can see within vCenter Operations Manager (now vRealize). This starts with the misconception that a user must be a full vSphere Administrator to use vRealize. That is incorrect, as this section shows.
Let's start by setting up the vRealize access. Begin by cloning the existing read-only role to a new role, for example, vCOps Read-only.
Then, edit the newly created role (vCOps Read-only) and add the global permission vCOps Manager User, as shown in the following screenshot:
If you fail to assign the vCOps User global permission for the vCenter object, logging in fails with the "User not authorized" error.
Now, we need to set the permission (vCOps User) for the vCenter object by assigning a user to the new vCOps Read-only role we just created. Use the hierarchy...
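The same role setup can be scripted with VMware PowerCLI and then checked for least privilege; this is an added example, not part of the original text. The server name, the account, the privilege label (copied from the text above) and the propagation setting are assumptions to adjust for your environment.

```powershell
# Added example (PowerCLI). Values marked "hypothetical" are placeholders.
$server        = 'vcenter.example.com'   # hypothetical vCenter address
$principal     = 'EXAMPLE\vcops-viewer'  # hypothetical directory account
$roleName      = 'vCOps Read-only'       # role name used in the text
$privilegeName = 'vCOps Manager User'    # label as written in the text; confirm
                                         # the exact name shown in your vCenter

Connect-VIServer -Server $server | Out-Null

# 1. Clone the built-in read-only role into a new role.
$basePrivs = Get-VIPrivilege -Role (Get-VIRole -Name 'ReadOnly') -PrivilegeItem
$role = New-VIRole -Name $roleName -Privilege $basePrivs

# 2. Add the one global privilege. Stop if the label does not resolve to
#    exactly one privilege, so nothing broader is granted by accident.
$extra = @(Get-VIPrivilege -Name $privilegeName -PrivilegeItem -ErrorAction Stop)
if ($extra.Count -ne 1) {
    throw "Expected exactly one privilege named '$privilegeName', found $($extra.Count)."
}
$role = Set-VIRole -Role $role -AddPrivilege $extra

# 3. Assign the user to the new role on the vCenter root object.
#    Propagation to child objects is an assumption here; set it to match
#    the scope the user should actually see.
$root = Get-Folder -NoRecursion
New-VIPermission -Entity $root -Principal $principal -Role $role -Propagate:$true |
    Out-Null

# 4. Least-privilege check: the new role must differ from ReadOnly by the
#    single added privilege and nothing else.
$rolePrivs = Get-VIPrivilege -Role $role -PrivilegeItem
$delta = @(Compare-Object -ReferenceObject $basePrivs.Id -DifferenceObject $rolePrivs.Id)
if ($delta.Count -ne 1 -or $delta[0].InputObject -ne $extra[0].Id) {
    Write-Warning "Role '$roleName' differs from ReadOnly by more than the intended privilege:"
    $delta | Format-Table InputObject, SideIndicator
} else {
    Write-Host "Role '$roleName' = ReadOnly + $($extra[0].Id)"
}

# 5. Show what the account now holds at the root, for the change record.
Get-VIPermission -Entity $root -Principal $principal |
    Format-Table Entity, Principal, Role, Propagate
```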