Hello guys in this post i will give you brief overview about the permissions & privileges used in the vCenter Server 6. Permissions are always very helpful to maintain security of any product or device. we can give permissions to only authorized users only & block permissions for unauthorized users to make secure environment. so here in vCenter 6 we also have Access Control mechanism which helps to setup & provide the permissions & to provide access to the specific object.
You can authorize a single user or a group of users with a role which will provide them one or more privileges to access the vSphere inventory objects. While using vCenter Server you can give a role to user or group which provides user to access the vCenter inventory objects but in case of Host level it only applies to individual hosts.
vCenter Server Permissions :-
vCenter Permissions will help you to assign permissions to different objects which comes under the vCenter Inventory objects. Permissions give user or group a set of privileges (Role) to access vCenter Server objects.
Global Permissions :-
Global permissions are applied to a global root object that spans solutions. Global permissions are the root level permissions which provides the specific user or group the root level permissions which can only be applied to a root users. For Example if you have multiple vSphere Solutions such as vCenter & Orchestrator then permission will be applied to all the objects in the both object hierarchies.
Group Membership in vsphere.local group :-
User [email protected] is the default user who can perform all the tasks which are associated with services included with Platform Service Controller (PSC). So if any user is the member of vsphere.local group then he can perform task which [email protected] can perform or the associated service in which group the user is.
For example if a user is the member of LicenseService.Administrator group then user can perform the License Management Tasks.
Following Services are included in the PSC:
- vCenter Single Sign-On
- License Service
- Lookup Service
- VMware Directory Service
- VMware Certificate Authority
ESXi Local Host Permissions :-
If you are using the standalone ESXi host which is not managed by the vCenter Server than you can assign one of the predefined roles to the user.
vCenter Server Permissions :
vCenter uses Roles to provide the permissions to the vCenter Inventory objects. where you first create a role with the set of privileges which is assigned to the user or group by which user or group can given permission of the vSphere objects.
Checkout Our Posts on vCenter Server Permissions:-
- How to create vCenter Single Sign-On User ?
- How to create Groups in vCenter Single Sign-On ?
- How to Add user into Administrator Group ?
- How to Configure Password & Lockout Policy in Single Sign-On ?
- How to Integrate Active Directory with vCenter Single Sign-On ?
- How to create new Role in vCenter Access Control ?
- How to Assign Permissions to the User ?
That’s it for Today Friends. I Hope you liked reading this post & If you find anything more to be added or removed feel free to write it in our comments. If you find it useful You are Feel free to share this on social media to help others & spread knowledge.
If you have any query on any thing you are free to write it in our comments section & we will make sure to provide you the better solution as soon as possible.
Checkout our Facebook Group for discussions & more.
You can also Like & Share our Facebook Page for Latest Updates.