As explained at the beginning of this tutorial, rights management is based on: roles, users and the object from which the desired authorization will be applied.
As you will see below, permissions can be added to all types of existing objects (such as data centers, ESXi hosts, VMs, ...) in VMware vCenter Server, but also overall.
To add permissions to a particular object (whatever it may be), simply select it in the left column, then go to its "Permissions" tab.
Next, click on the "+" icon located each time above the list of permissions defined on the desired object.
The first possibility to manage authorizations for your different users is to add global authorizations.
To do this, go to the vSphere Client menu and click: Administration.
Next, go to the section: Access Control -> Global Permissions.
As you can see, by default, permissions are already defined for the users Administrator, AutoUpdate, vpxd-xxxxx, ... of the SSO domain "vsphere.local" (which is the example offered by default by VMware when installation of VMware vCenter Server or VCSA).
You can also see that the Administrator role (= full rights) is granted by default to the user "VSPHERE.LOCAL\Administrator" (= Administrator@vsphere.local), as well as to the "Administrators" group of the same domain SSO.
To add a new global permission, click the "+" icon located just above the table.
Using the "Add Permission" form that appears for the global permissions root (in this case), you will be able to:
Source : Add a Global Permission.
To add permissions on a VMware vCenter Server (or VCSA), go to the menu, then click: Hosts and Clusters.
Select your VMware vCenter Server (or VCSA) and go to its "Permissions" tab.
Next, click the "+" icon at the top of the list of permissions currently set on this object or globally.
As you can see, the form is exactly the same as for global permissions, but this time VMware vCenter Server tells you on the right that this permission will be applied to the desired "[vCenter Server name]" object. .
If you check the "Propagate to children" box, this permission will apply to the current object (in this case: the desired vCenter Server), as well as its child objects: data centers, folders (if applicable), the hosts located there, ...
If you need to apply this permission on this object and its children, except some children, remember that a "No Access" role exists.
For this particular case, simply add a permission with the "No Access" role for the same user on the child objects to which you do not want the permission defined on the vCenter Server to apply.
To add permissions to a data center, go to the menu, then click on "Hosts and Clusters" or "VMs and Templates".
Select the desired data center and go to its "Permissions" tab.
Next, click the "+" icon located at the top of the list of permissions displayed.
To add permissions to a VMware ESXi hosts folder, go to the menu, then click: Hosts and Clusters.
Select the desired folder and go to the "Permissions" tab there.
Next, click the "+" icon located at the top of the list of permissions displayed.
This will allow you to apply privileges (via a previously created and configured role) on several VMware ESXi hosts, its virtual machines, ... if you check the "Propagate to children" box and the privileges defined in the selected role allow it.
To add permissions on a VMware ESXi host (hypervisor), go to the menu, then click: Hosts and Clusters.
Select the desired VMware ESXi host and go to its "Permissions" tab.
Next, click the "+" icon located at the top of the list of permissions displayed.
To add permissions to a virtual machine (VM), go to the menu, then click "Hosts and Clusters" or "VMs and Templates".
Select the desired virtual machine and go to its "Permissions" tab.
Next, click the "+" icon located at the top of the list of permissions displayed.
Creating folders in the 2nd tab (VMs and Templates) will allow you to apply permission to several virtual machines (VMs) at once.
To access this "VMs and Templates" section, go to the menu, then click on: VMs and Templates.
Select the desired folder and go to the "Permissions" tab there.
Next, click the "+" icon located at the top of the list of permissions displayed.
Note that the "Propagate to children" box of the added permission must be checked so that it also concerns the virtual machines located in the desired folder.
To add permissions to a datastore, go to the menu, then click: Storage.
Select the desired datastore and go to its "Permissions" tab.
Next, click the "+" icon located at the top of the list of permissions displayed.
To add permissions on a virtual network, go to the menu, then click: Networking.
Select the desired virtual network and go to the "Permissions" tab there.
Next, click the "+" icon located at the top of the list of permissions displayed.
VMware 4/7/2023
VMware 12/30/2022
VMware 6/17/2022
VMware 7/1/2022
Pinned content
Contact
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.
No comment