Specifications

VMware, Inc. 265

Chapter 17 Managing Users, Groups, Permissions, and Roles

Example3:Addingavirtualmachine

 Role3canaddvirtualmachines.

 Role4isreadonly.

 GroupCisgrantedRole3onHost1.

 GroupCisalsograntedRole4ontheparentfolderordatacenterforHost1’s

associateddatastoresandnetworks.

Theseobjectsinherittheirpermissionsfromtheirparentfolderordatacenter.

SettingbothpermissionsallowsGroupCuserstoaddavirtualmachinetothe

host.

Example4:Delegatingresources

 UsingdefaultrolesforResourcePoolAdministrator,VirtualMachineUser,

andReadOnly

 GrantUser1theroleofResourcePoolAdministratoronResourcePoolA.

 GrantUser1theroleofVirtualMachineUseronallthevirtualmachinesin

ResourcePoolA.

 GrantUser1therole,ReadOnlyonthefolderordatacentercontainingthe

datastoresandnetworksassociatedwithResourcePoolA.

Becauseresourcepoolsaffectmultipleinventoryobjectsyoumustassignvarious

privilegesonselectedobjectstoeffectivelyperformtasks(inthiscase,delegating

resourceswithinaresourcepoolontothe

virtualmachinesinthatresourcepool).

Users

AuserisanindividualauthorizedtologintoanESXServerhostortoVirtualCenter.

Usersonahostfallintotwocategories:thosewhocanaccesstheESXServerhost

throughVirtualCenterandthosewhocanaccessthehostbydirectlyloggingintothe

hostfromVI

Client,VIWebAccess,athird‐partyclient,oracommandshell.Thesetwo

categoriesdrawusersfromdifferentsources:

 VirtualCenterusers–AuthorizedusersforVirtualCenterarethoseincludedinthe

WindowsdomainlistreferencedbyVirtualCenterorlocalWindowsusersonthe

VirtualCenterhost.

YoucannotuseVirtualCentertomanuallycreate,remove,orotherwisechange

users.Ifyouneedtomanipulatetheuserlistorchangeuserpasswords,you

must

dosothroughthetoolsyounormallyusetomanageyourWindowsdomain.