The role of permissions in vSphere management is to segregate VM control among different application support teams....
A permission is a pairing of a user or group with a role, and it is applied to an object, such as a data store or VM.
To understand how to use vSphere permissions, it's helpful to follow an example. To give the networking team the ability to attach a VM to a port group, for instance, you'll need to create a role and then assign the networking team that role.
Step 1: Create the role
Open the vSphere Web Client and go to the homepage by clicking the house icon at the top, and then click Roles under Administration.
To create a new role, click the green plus button. Give your role a name. In this example, the name is Connect_Network. Then, assign some privileges to the role. We will only add the Assign network privilege from the network group. Click OK to create your new role.
Step 2: Assign the role to a group
Switch to an inventory view. In this example, we will use the Networking view. To assign the Admin_Network group the ability to connect VMs to any port group in my Lab data center, right-click the data center and click Add Permission...
In the Add Permission dialogue, click the Add button at the bottom. In the Select Users/Groups dialogue, find the user or group to which you want to assign the permission -- in this case, the Admin_Network group -- then click Add and OK.
Back on the Add Permission screen, select the role we created, Connect_Network, from the drop-down list in the Assigned Role box, and then click OK.
Now all members of the Admin_Network group can connect VMs to any port group in the data center. Click the Manage tab and then the Permissions tab to see each user's vSphere permissions. You can see the most recently added permission at the top of this list, along with all of the other permissions.
vSphere permissions are a little complicated. To change a VM and connect it to a port group, the Admin_Network team must also have the Virtual Machine Settings privilege, so add that privilege to the Connect_Network role.
You can use the same methods to control which users can put VM disks on data stores or create VMs on particular vSphere clusters. Create the roles you need and assign them to groups for different objects.
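The two steps above can also be scripted so the role and its assignment are repeatable and easy to audit. The following PowerCLI script is an added example, not part of the original article; the vCenter address and the LAB\ domain prefix are placeholders, and it assumes the permission should propagate to child objects so that it covers every port group in the data center.

```powershell
# Added example (not from the original article). Requires VMware PowerCLI.
$vCenter    = 'vcenter.example.local'   # placeholder address
$roleName   = 'Connect_Network'         # role name from the article
$principal  = 'LAB\Admin_Network'       # group from the article; domain prefix is assumed
$dcName     = 'Lab'                     # data center from the article
$privileges = @('Network.Assign')       # "Assign network" in the Network group

Connect-VIServer -Server $vCenter | Out-Null

# Step 1: create the role only if it does not already exist.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege (Get-VIPrivilege -Id $privileges)
}

# Least-privilege check: warn if the role holds more than intended.
# The three System.* privileges are added to every custom role by vCenter.
$implicit = 'System.Anonymous', 'System.Read', 'System.View'
$extra = $role.PrivilegeList | Where-Object { $_ -notin ($privileges + $implicit) }
if ($extra) {
    Write-Warning "Role $roleName has unexpected privileges: $($extra -join ', ')"
}

# Step 2: pair the group with the role on the data center object.
$dc = Get-Datacenter -Name $dcName
$existing = Get-VIPermission -Entity $dc -Principal $principal -ErrorAction SilentlyContinue |
    Where-Object { $_.Role -eq $roleName }
if (-not $existing) {
    # Propagation to child objects is an assumption (see lead-in).
    New-VIPermission -Entity $dc -Principal $principal -Role $role -Propagate $true | Out-Null
}

# Scripted counterpart of Manage > Permissions: review what is set on the data center.
Get-VIPermission -Entity $dc |
    Select-Object Principal, Role, Propagate, IsGroup |
    Sort-Object Principal |
    Format-Table -AutoSize

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

Running it a second time changes nothing, so the final listing can double as a periodic review of who holds which role on the data center.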