Specifications

Basic System Administration

268 VMware, Inc.

Mostusershavelimitedabilitytomanipulatetheobjectsassociatedwiththehost.

However,ESXServerprovidefullaccessrightsandpermissionsonallvirtualobjects,

suchasdatastores,hosts,virtualmachines,andresourcepools,totwousers:rootand

vpxuser.

Asroot,youcangrantpermissionsonahostto

individualusersorgroups.Through

VirtualCenter,youcangrantpermissionstoanyuserorgroupincludedinthe

WindowsdomainlistreferencedbyVirtualCenter.

Themethodyouusetoconfigurepermissionsdirectlyonahostisidenticaltothe

methodyouusetoconfigurepermissionsinVirtualCenter .Thelistofprivileges

isthe

sameforESXServerandVirtualCenter.

ThetableinAppendix Aliststheaccesspermissions.

Roles

VirtualCenterandESXServergrantaccesstoobjectsonlytouserswhohavebeen

assignedpermissionsfortheobject.Whenyouassignauserorgrouppermissionsfor

theobject,youdosobypairingtheuserorgroupwitharole.Aroleisapredefinedset

ofprivileges.

VirtualCenter

andESXServerhostsprovidedefaultroles:

 Systemroles–Systemrolesarepermanentandtheprivilegesassociatedwith

theserolescannotbechanged.

 Sampleroles–Samplerolesareprovidedforconvenienceasguidelinesand

suggestions.Theserolescanbemodifiedorremoved.

Youcanalsocreatecompletelynewroles.Table 17‐1liststhedefaultrolesthatcanbe

pairedwithauserandassignedtoanobject.

OTEBydefault,alluserswhoaremembersoftheWindowsAdministrators

groupontheVirtualCenterServeraregrantedthesameaccessrightsasanyuser

assignedtotheAdministratorrole.UserswhoaremembersoftheAdministrators

groupcanloginasindividualsandhavefullaccess.

OTEWhenyouconnectdirectlytoanESXServerhostusingtheVIClient,youcannot

setvirtualmachine‐onlypermissions.Tosetpermissionsonindividualvirtual

machines,connecttothehostthroughVirtualCenterServer.