Solved

VSphere Client Role Permissions

Posted on 2013-05-17
3
401 Views
Last Modified: 2013-06-06
Hey folks - Is it possible to apply a security role permission to a group of virtual machines rather than assign the role permission individually to each virtual machine?

Basically, I would like to clone an existing sample role and use it for helpdesk staff, but I am being lazy and do not want to edit the permissions on each server.  I would like to group the servers and apply the new permission role all members of the virtual machine group.


Thanks
0
Comment
Question by:LenCepeda
  • 2
3 Comments
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
ID: 39175688
Yes.

see Chapter 4 - Authentication and User Management - Page 41

vSphere Security Guide

if you have a Default installation, you have probably added everyone as Administrator!

Assigning Permissions to Folders (if you switch to VM and Template view), and defining and creating Groups in Active Directory, adding these groups to the folders, with specific VMware vCenter Server Roles, allows you to define very granular security and access to VMs.

Developer Access via vSphere Client
We have a group of Developers, we let access our VMware vSphere vCenter Server (ESXi Farm), but we only allow them access to *THEIR VMs*, they have the ability to power on, off, shutdown, restart, add floppy disks, add cdroms, but no other functions, just like a normal computer.

When they login, they only see the above screenshot, but their VMs are shared with 1000s more!
0
 
LVL 11

Assisted Solution

by:rafael_acc
rafael_acc earned 250 total points
ID: 39184235
LenCepeda,

This is possible indeed. As advised already, you could use folders! It is very similar to how you do it using Active Directory - in this case you would use OU (Organizational Units).

However, I do believe it is best you read the chapter in the book ... it is a very good one and it would eventually clarify your doubts, but also give you a better insight and best practices recommendations.

thanks
0
 
LVL 117
ID: 39199684
Do you need further help with this question?
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Create your own, high-performance VM backup appliance by installing NAKIVO Backup & Replication directly onto a Synology NAS!
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Teach the user how to delpoy the vCenter Server Appliance and how to configure its network settings Deploy OVF: Open VM console and configure networking:
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now