Information Technology Reference
In-Depth Information
To assign a permission to an object within vCenter, you use the same principles as with
ESXi hosts. Assign a user to a role and then the role to an object within the vCenter Web Client.
Before we delve into what privileges will be assigned to a role, let's run through an example of
how to assign a permission to an object within the vSphere Web Client:
1.
Log on to the vCenter Web Client as a vCenter administrator. Unless you have created
another account, the account is
administrator@vsphere.local.
2.
Navigate to the object for which you wish to change the permissions. In this example,
locate the vCenter Server object.
3.
Select the Manage tab and then click the Permissions subsection.
4.
Click the green plus arrow to bring up the Add Permission dialog box.
5.
In the left column, click the Add button.
6.
The Select Users/Groups dialog box allows you to select from a Domain drop-down list.
This list is populated with your identity sources previously coni gured within SSO. Select
your Active Directory identity source.
7.
Find the Active Directory user from the list. Click the Add button and then the OK
button.
8.
With the user now specii ed in the list, it's time to assign a role. Select Administrator from
the Assigned Role drop-down list and then click the OK button.
9.
The Active Directory user can now log in using the vSphere Web Client and can manage
vCenter.
By default, just as with the vSphere Client, the Propagate To Children check box is selected.
All objects that are children of the currently selected object will also receive the permission you
are granting. By assigning permissions at a vCenter object and leaving Propagate To Children
selected, we are giving this user permissions over every object this vCenter Server instance
manages. This includes ESXi hosts, VMs, networks, and datastores, to name a few. Keep this in
mind when assigning permissions and only ever give the minimum required access.
Understanding vCenter Server Privileges
Roles are very useful, but now that you've started to peek into the properties of the roles and
how to edit roles, you also need to understand each of the privileges and what they do for you
in terms of customizing roles. Remember that privileges are individual tasks that are assigned
to roles. Without privileges assigned, roles are useless, so it's important to understand the privi-
leges available within vCenter Server.
The list of privileges is rather long, but it's broken down into some general categories, so let's
look at what each of the categories means in general terms:
Alarms
Controls the ability to create, modify, delete, disable, and acknowledge vCenter
Server alarms.
Auto Deploy
Controls the ability to use vSphere Auto Deploy for dynamically provisioning
ESXi hosts at boot time.
