Specifications

Basic System Administration

262 VMware, Inc.

 “Users”onpage 265

 “Groups”onpage 267

 “Permissions”onpage 267

 “Roles”onpage 268

 “A c c e s s Permissions”onpage 274

Access Elements

AccesstoVMwareInfrastructureobjectsandactivitiesisestablishedthroughthe

combinationof:

 LogIninformation–Usernameandpassword.

 Groups–Amethodforgroupingindividualusers.

Youcanmanageusersmoreeasilybyassigningthemtogroups.Ifyoucreate

groups,youcanapplyaroletothegroup,andthisroleisinheritedbyalltheusers

inthegroup.

 Roles–Adefinedcollectionofprivileges.

Rolesareacollectionofdefinedprivilegesthatcontrolindividualuserorgroup

accesstoparticularVMwareInfrastructureobjects.ESXServerandVirtualCenter

Serverprovideasetofdefaultroles.Youcanalsocreatenewroles.

 Privileges–Aparticularrightcorrespondingtoasetofoperationsormethodson

aclassofobjects.

 Permissions–Thecombinationoftheroleplususerorgroupnameassignedtoa

VMwareInfrastructureinventoryobject.

Theroleandauserorgroupnamemakeapair.ThispairisassignedtoaVMware

Infrastructureobject.Typically ,thisroleanduserpairingispropagatedtothe

childrenin

theinventoryhierarchy.Thepairiscalledapermission.

Access Rules

Thefollowingisalistofgeneralrulestoconsiderwhenconfiguringyouruser’sand

group’spermissions.

Usersdonotneedtologoutandloginforchangestotakeeffect.Allchangestakeeffect

immediately.