VMware ESX Role Permissions

I create a role.  I go the the Virtual Center console, go down to a folder, right click and select Add Permission.  I select the user on the left side, and select the role on the right, and then click Add.

So what just happened?  Is the user now a member of the role?  How do I remove the user from the role, but keep the role?
xi2payAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

coolsport00Commented:
That role/permission is added to that vSphere or Virtual Center "object". The user you added can log into Virtual Center and perform tasks on that object based on the role/permission you assigned. These docs should help clarify:
http://www.vmware.com/pdf/vi3_vc_roles.pdf
http://www.petri.co.il/vmware-esx-roles-permissions-privileges.htm
http://www.petri.co.il/virtual_understanding_vmware_esx_users_groups_roles.htm

Regards,
~coolsport00
0
vmwarun - ArunCommented:
VirtualCenter is dependent on Active Directory for User Manipulation and the System and Server roles which you have in Virtual Center binds the AD User to the specific default role or custom role.
0
xi2payAuthor Commented:
Thanks for the post, arunraju.  I apologize.  I should have told you that we're running ESX 4.0 with the VSphere client.  This is what's throwing me completely off.  

I've attached some pics to show you what I see.  This is what you get when you use the VSphere client.

For the life of me, I can't find where you go to remove a user from a role.
esx1.PNG
esx2.PNG
esx3.PNG
esx4.PNG
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

coolsport00Commented:
"xi2pay", pg. 216 in the vSphere Basic Admin Guide tells how to edit a role:
http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf

Basically, do:
1 On the vSphere Client Home page, click Roles.
2 To select the role to edit, click the object in the list of Roles.
3 Select Administration > Role > Edit Role.
4 Select privileges for the role and click OK.

In the permissions tab is where you remove a role from a user though. In the Roles area, you create the Role you want a user to have; the permissions is a combination of user & role granted on a vSphere object. Let me know if you still have questions. I think the Basic Admin Guide will help though.

Regards,
~coolsport00
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
coolsport00Commented:
BTW...to answer your question about the Roles tab, you're right...it's not there any longer in vSphere because it is its own 'window' by going to Administration -> Roles. So, there's no need for a tab. The GUI in vCenter has changed alot (as you no doubt have noticed) between 2.5 and 4. :)

~coolsport00
0
JustenCCommented:
Xi2pay
In ESX1.png above, you can right click on the user and delete. The role will persist. if no one is a member you can add again members.

I apologize in advance for any duplicate posts inserted by our proxy server

Justen
0
JustenCCommented:
Xi2pay
In ESX1.png above, you can right click on the user and delete. The role will persist. if no one is a member you can add again members.

I apologize in advance for any duplicate posts inserted by our proxy server

Justen
0
vmwarun - ArunCommented:
You are using vCenter to manage your ESX hosts which is dependent on Active Directory.
ESX hosts use Linux Users, Groups while the vCenter Server uses Active Directory or local Windows Usernames and passwords.
0
xi2payAuthor Commented:
Thanks for the posts guys.  Looks like some real good info.  I've been out of the office, so don't have a chance to look at it till monday.

coolsport00... i googled every combination of key words that i could think of, except for user manual.  good lesson to remember.  the obvious gets overlooked all the time. thx again for the info.  
0
coolsport00Commented:
Absolutely...hopefully this helps you. :)

Regards,
~coolsport00
0
xi2payAuthor Commented:
Thanks very much to the three of you.  Reading the Admin Guide brought it all together.  The explanation/solution in the guide is definitely not what I expected, which explains why I was having a hard time grasping it.  

I divided the points by order of usefulness.  The guide was the deciding factor, so I'm leaning in that direction, but hope everyone is satisfied.  

Thx again.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.