Vmware Objrct Perrmisions

Hello Experts

I want to grant permissions to a domain user on a specific VM (EXSi 4.1 host)
I try to give him the permissions through virtual center but it didn't work.
I also tried to give permissions on a security group, didn't work either.
 What can i do to grant domain user permissions to a VM?

Thanks in advanced.
IT_Group1Asked:
Who is Participating?
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
The easiest way to do this as I've stated is to create a folder in your Datacentre, and add the User/Role to it.

From vCenter I go to the VM/Permissions then select the role and then link the role with the AD group.

or you can create a specific role.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
0
 
IT_Group1Author Commented:
Hi hanccocka

thanks for the link, can you point me the steps to do this ?

Thanks.
0
 
coolsport00Commented:
What have you specifically done to this point that gave you errors. Permission settings are pretty straight forward really. The Datacenter Adm Guide gives you step-by-step on what to do beginning on pg. 87 (actual vCenter permission/role creation on pg. 92 & 99):
http://www.vmware.com/pdf/vsphere4/r41/vsp_41_dc_admin_guide.pdf

Regards,
~coolsport00
0
 
bgoeringCommented:
Create one or more roles for that user then assign the appropriate permissions to that role. Next assign the permissions to the various objects. Note that some permissions need to be assigned at the datacenter level, some make sense at the vCenter server level, some at the cluster level, some at folder level, and finally some at virtual machine level.

To really lock down a user I have often created seperate roles for the different levels. But it is easiest to just create a single role and assign at the vCenter Server level, then all of the other levels will inherit. The problem (for me) with this approach is it will often give users access to objects you don't want them to access. For example, I have development clusters and production clusters managed by same vCenter server. I want the developers to be able to do pretty much anything they want with these development clusters, but not allow them to do configuration of the ESX hosts nor do anything with the production clusters. To accomplish this you must bet granular in your permissions.

At vCenter server level I create role with minimum required permissions for that user for the vCenter server access.

At Datacenter level I create role with minimum required permissions for that user for the Datacenter access.

Finally, at Cluster level I create yet another role with all the required permissions for cluster, vm, and, folder, vApp, etc. This is as far as I generally restrict it, but if you want to lock user down to particular vm or something you could continue with minimum required permissions farther down in the hierarchy.

Hope this helps.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.