VSphere Client Role Permissions

Posted on 2013-05-17
Medium Priority
Last Modified: 2013-06-06
Hey folks - Is it possible to apply a security role permission to a group of virtual machines rather than assign the role permission individually to each virtual machine?

Basically, I would like to clone an existing sample role and use it for helpdesk staff, but I am being lazy and do not want to edit the permissions on each server.  I would like to group the servers and apply the new permission role all members of the virtual machine group.

Question by:LenCepeda
  • 2
LVL 126

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 39175688

see Chapter 4 - Authentication and User Management - Page 41

vSphere Security Guide

if you have a Default installation, you have probably added everyone as Administrator!

Assigning Permissions to Folders (if you switch to VM and Template view), and defining and creating Groups in Active Directory, adding these groups to the folders, with specific VMware vCenter Server Roles, allows you to define very granular security and access to VMs.

Developer Access via vSphere Client
We have a group of Developers, we let access our VMware vSphere vCenter Server (ESXi Farm), but we only allow them access to *THEIR VMs*, they have the ability to power on, off, shutdown, restart, add floppy disks, add cdroms, but no other functions, just like a normal computer.

When they login, they only see the above screenshot, but their VMs are shared with 1000s more!
LVL 11

Assisted Solution

rafael_acc earned 1000 total points
ID: 39184235

This is possible indeed. As advised already, you could use folders! It is very similar to how you do it using Active Directory - in this case you would use OU (Organizational Units).

However, I do believe it is best you read the chapter in the book ... it is a very good one and it would eventually clarify your doubts, but also give you a better insight and best practices recommendations.

LVL 126
ID: 39199684
Do you need further help with this question?

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

When rebooting a vCenters 6.0 and try to connect using vSphere Client we get this issue "Invalid URL: The hostname could not parsed." When we get this error we need to do some changes in the vCenter advanced settings to fix the issue.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question