Information Technology Reference
In-Depth Information
granted the Browse Datastore permission at the parent of the datastore object in the vCenter
Server hierarchy—usually the datacenter in which the ESX/ESXi host is located.
Resource Pool Administrator (Sample)
The Resource Pool Administrator sample role
grants the user the ability to manage and coni gure resources with a resource pool, including
VMs, child pools, scheduled tasks, and alarms.
VMware Consolidated Backup User (Sample)
As the role name suggests, the VMware
Consolidated Backup User sample role grants the user the privileges required for performing
a backup of a VM using VCB.
Datastore Consumer (Sample)
The Datastore Consumer sample role is targeted at users
who need only a single permission: the permission to allocate space from a datastore. Clearly,
this role is very limited.
Network Administrator (Sample)
Similar to the Datastore Consumer role, the Network
Administrator sample role has only a single permission, and that is the permission to assign
networks.
These default roles provide a good starting point, but they won't meet every company's
needs. If you need something more than what is provided by default, you'll need to create a cus-
tom role. We describe this process in the next section.
Working with vCenter Server Roles
What if the default roles supplied with vCenter Server don't provide you with the necessary
functionality for a particular grouping of users? Well, it depends on what the problem is. Let's
take the most basic problem. You've chosen a best-i t role to assign a user privileges, but the role
you've selected lacks a key permission, or perhaps the role you've selected grants a few permis-
sions that you don't want included. To get the exact i t you need, you can simply clone the role
and then customize it.
Perform the following steps to clone a role in vCenter Server:
1.
Launch the vSphere Web Client if it is not already running, and connect to a vCenter
Server instance.
2.
Navigate to the Roles area from the Home screen.
3.
Right-click the role that you want to clone, and select Clone from the context menu or
select the role and click the clone icon above the list.
After you've cloned the role, you can add or remove privileges as needed. We described the
process of editing a role in the section “Editing and Removing Roles.”
Leave the Built-In Sample Roles Intact
We recommend leaving all of the built-in sample roles intact and unmodifi ed. vCenter Server pre-
vents you from modifying the No Access, Read-Only, and Administrator roles but does not prevent
you from modifying the rest of the roles. To help avoid confusion among multiple administrators, we
recommend leaving the built-in sample roles intact and cloning them to a new custom role instead.
