Information Technology Reference
In-Depth Information
Figure 8.11
h e vSphere Client
provides a break-
down of where roles
are currently in use.
Editing and Removing Roles
Over time, it is almost inevitable that management needs will change. At times, you might have
to create new roles, edit an existing role, or even delete a role. If the privileges assigned to a role
are no longer applicable in your environment, you should edit the role to add or remove the nec-
essary privileges.
Perform the following steps to edit a role:
1.
Launch the vSphere Client if it is not already running, and connect to an ESXi host.
2.
Navigate to the roles view using the navigation bar, the Ctrl+Shift+R keyboard shortcut,
or the View
➢
➢
Administration
Roles menu item.
3.
Right-click the role you want to edit, and select Edit Role.
4.
Make the desired changes by adding or removing privileges in the Edit Role dialog box.
Click OK when you i nish.
As we mentioned earlier in this chapter, ESXi won't allow you to edit the default roles.
If a role is no longer used, it should be removed to minimize the number of objects to be
viewed and managed.
Perform the following steps to delete a role:
1.
Launch the vSphere Client if it is not already running, and connect to an ESXi host.
2.
Navigate to the roles view using the navigation bar, the Ctrl+Shift+R keyboard shortcut,
or the View
➢
➢
Administration
Roles menu item.
3.
Right-click the role to be deleted, and select Remove.
When a role is in use and is selected for removal, the ESXi host offers the opportunity to
transfer the existing role members to a new role or to simply drop all members from the role.
This eliminates the chance of accidentally deleting roles that are being used in the inventory.
Now that you understand how to work with local users, groups, roles, and permissions on
an individual ESXi host, be aware that you are unlikely to do much of this. Managing local user
accounts is administratively more cumbersome because of the lack of centralized management
and authentication. Active Directory integration addresses a great deal of this, allowing you to
collapse your user and group management into one centralized directory. However, you will
still i nd that you perform most, if not all, of your access control work within vCenter Server.
