Information Technology Reference
In-Depth Information
a user with the Read-Only permission would be able to see a list of VMs in the inventory but
could not act on any of them.
Administrator
The Administrator role has the utmost authority, but it is only a role, and it
needs to be assigned using a combination of a user or a group object and an inventory object
such as a VM.
With only three built-in roles on ESXi hosts, the defaults don't leave room for much l exibility.
In addition, the default roles just described can't be modii ed, so you can't customize them.
However, don't let that slow you down. Any limits created by the default roles are easily over-
come by creating custom roles. You can create custom roles that will better suit your needs, or
you can clone existing roles to make additional roles to modify for your own purposes.
Let's take a closer look at how to create a custom role.
Creating Custom Roles
If you i nd that the default roles provided with ESXi don't suit your organization's needs with
regard to permissions and management, then you should create custom roles to better map to
your business needs. For example, assume that a set of users needs to interact with the console
of a VM and also needs to change the CD and l oppy media of those VMs. These needs aren't
properly rel ected in any of the default roles, so a custom role is necessary.
Perform the following steps to create a custom role named Operator:
1.
Launch the traditional vSphere Client if it is not already running, and connect to an
ESXi host.
➢
2.
Navigate to the Administration area by using the navigation bar or by selecting View
➢
Administration
Roles.
You can also press the Ctrl+Shift+R keyboard shortcut.
3.
Click the Add Role button.
4.
Type the name of the new role in the Name text box (in this example,
Operator
), and then
select the privileges that will be required by members of the role, as shown in Figure 8.7.
The privileges shown in Figure 8.7 allow users or groups assigned to the Operator role
to interact with the console of a VM, change the CD and l oppy media, and change the
power state of a VM.
Permissions for Changing Virtual Media
To c h a nge fl oppy and CD media using fl oppy disk images (fi les with a .flp fi lename extension)
and CD/DVD disk images (fi les with a .iso fi lename extension) that are stored on a SAN volume,
you will also need to grant that group Browse Datastore privileges at the root of the hierarchy—in
this case, at the ESXi host itself.
5.
Click OK to complete the custom role creation.
