Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects

A user is an individual authorized to log in to either ESXi or vCenter Server. A group is a set of users that share a common set of rules and permissions. When you assign permissions to a group, all users in the group inherit them, and you do not have to work with the user profiles individually.

In vSphere, the inventory is a collection of virtual and physical objects on which you can place permissions, monitor tasks and events, and set alarms. You can group most inventory objects by using folders to more easily manage them.
All inventory objects, with the exception of hosts, can be renamed to represent their purposes. For example, they can be named after company departments, locations, or functions. vCenter Server monitors and manages the following components of your virtual and physical infrastructure: datacenters, clusters, datastores, folders, resource pools, vApps, networks, virtual machines, templates, and hosts.

For ESXi and vCenter Server, permissions are defined as access roles that consist of a user and the user’s assigned role for an object such as a virtual machine or ESXi host. Permissions grant users the right to perform the activities specified by the role on the object to which the role is assigned.

ESXi users fall into two categories: those who can access the host through vCenter Server and those who can access it by logging in directly to the host from the vSphere Client, a third-party client, or a command shell.

Authorized users for vCenter Server are those included in the Windows domain list that vCenter Server references, or local Windows users on the vCenter Server host. You cannot use vCenter Server to manually create, remove, or otherwise change users. You must use the tools for managing your Windows domain. Any changes you make are reflected in vCenter Server. However, the user interface does not provide a user list for you to review.

After you create users and groups and define roles, you must assign the users and groups and their roles to the relevant inventory objects. You can assign the same permissions at one time on multiple objects by moving the objects to a folder and setting the permissions on the folder.
Assign Permissions Procedure
Modify Permissions Procedure
Remove Permissions Procedure
When you remove users from vCenter Server, you also remove permissions granted to those users. Modifying a user or group name causes the original name to become invalid.

To remove users from vCenter Server, you must remove them from the domain or Active Directory users list. If you remove users from the vCenter Server domain, they lose permissions to all objects in the vSphere environment and cannot log in again. Users who are logged in and are removed from the domain keep their vSphere permissions until the next validation period. The default is every 24 hours.

Removing a group does not affect the permissions granted individually to the users in that group or permissions granted as part of inclusion in another group.

If you change a user’s name in the domain, the original user name becomes invalid in the vCenter Server system. If you change the name of a group, the original group becomes invalid after you restart the vCenter Server system.
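
The assign, modify and remove operations described above can also be scripted with VMware PowerCLI. The following is an added example, not part of the original page; the server, folder, group and role names are placeholders (use role names returned by Get-VIRole in your environment), and it assumes PowerCLI is installed and the account running it may change permissions.

```powershell
# Added example: placeholder names throughout, replace with your own.
$server = 'vcenter.example.local'      # hypothetical vCenter Server
$folder = 'Finance-VMs'                # hypothetical inventory folder
$group  = 'EXAMPLE\vm-operators'       # hypothetical Windows domain group

Connect-VIServer -Server $server | Out-Null

# Assign: grant the role to the group on the folder. With -Propagate the
# permission also applies to the objects placed inside the folder.
$entity = Get-Folder -Name $folder
$role   = Get-VIRole -Name 'VirtualMachinePowerUser'   # assumed role name
$perm   = New-VIPermission -Entity $entity -Principal $group `
                           -Role $role -Propagate:$true

# Modify: change the role on the existing permission.
$perm = Set-VIPermission -Permission $perm `
                         -Role (Get-VIRole -Name 'ReadOnly')   # assumed role name

# Review what is now set on the folder.
Get-VIPermission -Entity $entity |
    Select-Object Entity, Principal, Role, IsGroup, Propagate |
    Format-Table -AutoSize

# Audit: permissions granted to individual users rather than groups.
# These are unaffected when a group is removed, so review them separately.
Get-VIPermission |
    Where-Object { -not $_.IsGroup } |
    Sort-Object Principal |
    Select-Object Principal, Role, Entity, Propagate |
    Format-Table -AutoSize

# Remove: delete the permission from the folder.
Remove-VIPermission -Permission $perm -Confirm:$false

Disconnect-VIServer -Server $server -Confirm:$false
```

Because removed domain users who are still logged in keep their permissions until the next validation period, the audit query is worth re-running after that period has passed.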