VMware 4817V62 Administration Guide - Page 209
Managing Users, Groups, Roles, and Permissions, Managing vSphere Users
View all VMware 4817V62 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 209 highlights
Managing Users, Groups, Roles, and Permissions 18 Use users, groups, roles, and permissions to control who has access to your vSphere managed objects and what actions they can perform. vCenter Server and ESX/ESXi hosts determine the level of access for the user based on the permissions that are assigned to the user. The combination of user name, password, and permissions is the mechanism by which vCenter Server and ESX/ESXi hosts authenticate a user for access and authorize the user to perform activities. The servers and hosts maintain lists of authorized users and the permissions assigned to each user. Privileges define basic individual rights that are required to perform actions and read properties. ESX/ESXi and vCenter Server use sets of privileges, or roles, to control which users or groups can access particular vSphere objects. ESX/ESXi and vCenter Server provide a set of pre-established roles. You can also create new roles. The privileges and roles assigned on an ESX/ESXi host are separate from the privileges and roles assigned on a vCenter Server system. When you manage a host using vCenter Server, only the privileges and roles assigned through the vCenter Server system are available. If you connect directly to the host using the vSphere Client, only the privileges and roles assigned directly on the host are available. This chapter includes the following topics: n "Managing vSphere Users," on page 209 n "Groups," on page 210 n "Removing or Modifying Users and Groups," on page 211 n "Best Practices for Users and Groups," on page 211 n "Using Roles to Assign Privileges," on page 211 n "Permissions," on page 215 n "Best Practices for Roles and Permissions," on page 222 n "Required Privileges for Common Tasks," on page 223 Managing vSphere Users A user is an individual authorized to log in to a host or vCenter Server. Several users can access the vCenter Server system from different vSphere Client sessions at the same time. vSphere does not explicitly restrict users with the same authentication credentials from accessing and taking action within the vSphere environment simultaneously. VMware, Inc. 209