VMware 4817V62 Administration Guide - Page 212
Default Roles for ESX/ESXi and vCenter Server, System roles, Sample roles, Table 18-1.
View all VMware 4817V62 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 212 highlights
vSphere Basic System Administration The roles created on an ESX/ESXi host are separate from the roles created on a vCenter Server system. When you manage a host using vCenter Server, only the roles created through vCenter Server are available. If you connect directly to the host using the vSphere Client, only the roles created directly on the host are available. vCenter Server and ESX/ESXi hosts provide default roles: System roles Sample roles System roles are permanent. You cannot edit the privileges associated with these roles. VMware provides sample roles for convenience as guidelines and suggestions. You can modify or remove these roles. You can also create completely new roles. All roles permit the user to schedule tasks by default. Users can schedule only tasks they have permission to perform at the time the tasks are created. NOTE Changes to permissions and roles take effect immediately, even if the users involved are logged in, except for searches, where permissions changes take effect after the user has logged out and logged back in again. Default Roles for ESX/ESXi and vCenter Server vCenter Server, ESX, and ESXi provide default roles. These roles group together privileges for common areas of responsibility in a vSphere environment. You can use the default roles to assign permissions in your environment, or use them as a model to develop your own roles. Table 18-1 lists the default roles for ESX/ESXi and vCenter Server. Table 18-1. Default Roles Role Role Type Description of User Capabilities No Access system Read Only system Administrator system Virtual Machine Power User sample Cannot view or change the assigned object. vSphere Client tabs associated with an object appear without content. This role can be used to revoke permissions that would otherwise be propagated to an object from a parent object. This role is available in ESX/ESXi and vCenter Server. View the state and details about the object. View all the tab panels in the vSphere Client except the Console tab. Cannot perform any actions through the menus and toolbars. This role is available on ESX/ESXi and vCenter Server. All privileges for all objects. Add, remove, and set access rights and privileges for all the vCenter Server users and all the virtual objects in the vSphere environment. This role is available in ESX/ESXi and vCenter Server. A set of privileges to allow the user to interact with and make hardware changes to virtual machines, as well as perform snapshot operations. Privileges granted include: n All privileges for the scheduled task privileges group. n Selected privileges for global items, datastore, and virtual machine privileges groups. n No privileges for folder, datacenter, network, host, resource, alarms, sessions, performance, and permissions privileges groups. Usually granted on a folder that contains virtual machines or on individual virtual machines. This role is available only on vCenter Server. 212 VMware, Inc.