Specifications

VMware, Inc. 263

Chapter 17 Managing Users, Groups, Permissions, and Roles

Hierarchical Inheritance

Propagationissetperpermissionrule,notuniversallyapplied.Permissionsdefinedfor

asub‐objectalwaysoverridethosepropagatedfromparentobjects.

Withrespecttopermissions,therearethreetypesofelementsinthehierarchy.Theyare:

 Managedentity–Thesecanhavepermissionsdefinedonthem.

 Virtualmachines

 Folders

 Datacenters

 Clusters

 Hosts

 Resourcepools

 Templates

 Relatedtoamanagedentity–Thesecannothavepermissionsdefinedonthem,

butinheritaccessfromtheobjecttheyarerelatedto.Examplesinclude:

 Networks

 Datastores

 Globalentity–Thesealwaysgettheirpermissionsfromtherootnode.Examples

include:

 Customfields

 Licenses

 Statisticsintervals

 Roles

 Sessions

Multiple Permission Settings

Objectsmighthavemultiplepermissions,butatmostoneforeachuserorgroup.

Ifyouapplypermissions,theyoverrideeachotherdownthehierarchy.Ifpermissions

aredefinedonthesameentity,acoupleofsituationsarepossible:

 Ifauserisamemberofmultiplegroupswithdifferentpermissions.Foreach

objectthegrouphaspermissionson,thesamepermissionsapplyasifgrantedto

theuserdirectly.

 Ifmultiplegrouppermissionsaredefinedonthesameobjectandtheuser

belongstotwoormoreofthosegroups: