the security model vCenter (user / group , role and privileges ) and VMware vSphere ™ ESXi 5.x differs from the traditional model of other operating systems such as Windows or Linux.
In VMware vSphere ™ , the access control system allows the administrator to define vCenter access and privileges to every visible objects in vCenter inventory .
The access control system is defined as follows :
Privilege : The ability to perform certain actions in vCenter , such as lighting a virtual machine , create an alarm, create a cluster, etc. .
Role : A set of privileges and a way to group all individual privileges into a single entity .
Object : Refers to inventory item , Resource Pool, virtual machine , or DataCenter folder where the permissions apply .
User or group : refers to the user or group can perform a specific action .
The combination of a role , a user or group object representing more permissions on VMware vSphere ™ .
The predefined roles in VMware vSphere ™ ESXi 5 are: No Access , Read -only and Administrator. Also, if your environment with VMware vCenter accounts , this will have the following roles defined by default : Virtual Machine Power User , Virtual Machine User , Resource Pool Administrator , VMware Consolidated Backup User , Datastore and Network consumer consumer .
You can define new roles ESXi host level , although it is not a best practice because these roles created at the host level are not propagated to vCenter Server so it is recommended to create new roles in vCenter Server . The role of vCenter Server, Virtual Machine Administrator has default privileges performance .
Also, the default vCenter level role called Administrator can make any task in any inventory item of ESXi servers.
Thanks for reading our blog, participate and share