Information Technology Reference
In-Depth Information
The new Operator role is now dei ned, but it's not operational yet. You must still assign users
or groups to the role and apply the role to the ESXi host and/or individual VM(s).
Granting Permissions
As simple and useful as roles are, they are not functional until a user or group is assigned to the
role and the role is then assigned to an inventory object as a permission. Assume that a group of
users exists that needs to interact with all VMs that are web servers. If access control is managed
through the ESXi host, then you have to create a user account on that host (or leverage an Active
Directory user account) together with a new group—for example, WebServerOps. Once these
users and groups exist, you can execute the security model.
Figure 8.7
Custom roles
strengthen manage-
ment capabilities
and add fl exibility
to permission
delegations.
Perform the following steps to grant VM access control to a user or group:
1.
Launch the traditional vSphere Client if it is not already running, and connect to an
ESXi host.
2.
Right-click the object in the inventory tree on the left to which permission should be
assigned, and click the Add Permission option. In this case, right-click the ESXi host.
3.
Click the Add button in the Assign Permissions dialog box.
4.
In the Select Users And Groups dialog box, select the appropriate user or group (for
example, WinESXOps).
