Introduction
With all Enterprise infrastructure products, administrative permissions are paramount to the security of the system, applications, data, and users. Similar to many application systems, VMware offers the ability to manage user and group permissions provided by an external source such as Active Directory or Open LDAP.
In a properly designed system, there should be only rare occasions when the role of a full administrator is required to complete routine tasks. Groups should be created in the supporting directory, which in our case is Active Directory. The use of groups continues to be a wise practice since they are easier to manage than single users and fundamentally provide a more standard mechanism to apply different levels of security to the vSphere environment.
Given the impact, a single misconfigured or mismanaged setting can cause the separation of duties on an enterprise virtualization environment; using proper permissions and roles as a control mechanism is highly recommended...
