Solved

VSphere Client Role Permissions

Posted on 2013-05-17
3
405 Views
Last Modified: 2013-06-06
Hey folks - Is it possible to apply a security role permission to a group of virtual machines rather than assign the role permission individually to each virtual machine?

Basically, I would like to clone an existing sample role and use it for helpdesk staff, but I am being lazy and do not want to edit the permissions on each server.  I would like to group the servers and apply the new permission role all members of the virtual machine group.


Thanks
0
Comment
Question by:LenCepeda
  • 2
3 Comments
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 250 total points
ID: 39175688
Yes.

see Chapter 4 - Authentication and User Management - Page 41

vSphere Security Guide

if you have a Default installation, you have probably added everyone as Administrator!

Assigning Permissions to Folders (if you switch to VM and Template view), and defining and creating Groups in Active Directory, adding these groups to the folders, with specific VMware vCenter Server Roles, allows you to define very granular security and access to VMs.

Developer Access via vSphere Client
We have a group of Developers, we let access our VMware vSphere vCenter Server (ESXi Farm), but we only allow them access to *THEIR VMs*, they have the ability to power on, off, shutdown, restart, add floppy disks, add cdroms, but no other functions, just like a normal computer.

When they login, they only see the above screenshot, but their VMs are shared with 1000s more!
0
 
LVL 11

Assisted Solution

by:rafael_acc
rafael_acc earned 250 total points
ID: 39184235
LenCepeda,

This is possible indeed. As advised already, you could use folders! It is very similar to how you do it using Active Directory - in this case you would use OU (Organizational Units).

However, I do believe it is best you read the chapter in the book ... it is a very good one and it would eventually clarify your doubts, but also give you a better insight and best practices recommendations.

thanks
0
 
LVL 120
ID: 39199684
Do you need further help with this question?
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VM edit 2 68
VMWare 5, Add Host to Datastore 10 62
VMWare ESXi Guest CPU 8 88
Migrating a VM File Server with shares between clusters and datastores 5 49
HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question