Vmware Objrct Perrmisions

Hello Experts

I want to grant permissions to a domain user on a specific VM (EXSi 4.1 host)
I try to give him the permissions through virtual center but it didn't work.
I also tried to give permissions on a security group, didn't work either.
 What can i do to grant domain user permissions to a VM?

Thanks in advanced.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
IT_Group1Author Commented:
Hi hanccocka

thanks for the link, can you point me the steps to do this ?

What have you specifically done to this point that gave you errors. Permission settings are pretty straight forward really. The Datacenter Adm Guide gives you step-by-step on what to do beginning on pg. 87 (actual vCenter permission/role creation on pg. 92 & 99):

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
The easiest way to do this as I've stated is to create a folder in your Datacentre, and add the User/Role to it.

From vCenter I go to the VM/Permissions then select the role and then link the role with the AD group.

or you can create a specific role.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Create one or more roles for that user then assign the appropriate permissions to that role. Next assign the permissions to the various objects. Note that some permissions need to be assigned at the datacenter level, some make sense at the vCenter server level, some at the cluster level, some at folder level, and finally some at virtual machine level.

To really lock down a user I have often created seperate roles for the different levels. But it is easiest to just create a single role and assign at the vCenter Server level, then all of the other levels will inherit. The problem (for me) with this approach is it will often give users access to objects you don't want them to access. For example, I have development clusters and production clusters managed by same vCenter server. I want the developers to be able to do pretty much anything they want with these development clusters, but not allow them to do configuration of the ESX hosts nor do anything with the production clusters. To accomplish this you must bet granular in your permissions.

At vCenter server level I create role with minimum required permissions for that user for the vCenter server access.

At Datacenter level I create role with minimum required permissions for that user for the Datacenter access.

Finally, at Cluster level I create yet another role with all the required permissions for cluster, vm, and, folder, vApp, etc. This is as far as I generally restrict it, but if you want to lock user down to particular vm or something you could continue with minimum required permissions farther down in the hierarchy.

Hope this helps.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.