You manage users defined on the vCenter Server system and users defined on individual hosts separately.
Even if the user lists of a host and a vCenter Server system appear to have common users (for instance, a user
called devuser), these users should be treated as separate users who have the same name. The attributes of
devuser in vCenter Server, including permissions, passwords, and so forth, are separate from the attributes of
devuser on the ESX/ESXi host. If you log in to vCenter Server as devuser, you might have permission to view
and delete files from a datastore. If you log in to an ESX/ESXi host as devuser, you might not have these
permissions.
vCenter Server Users
Authorized users for vCenter Server are those included in the Windows domain list referenced by vCenter
Server or local Windows users on the vCenter Server system. The permissions defined for these users apply
whenever a user connects to vCenter Server.
You cannot use vCenter Server to manually create, remove, or otherwise change vCenter Server users. To
manipulate the user list or change user passwords, use the tools you use to manage your Windows domain or
Active Directory. For more information on creating users and groups for use with vCenter Server, see your
Microsoft documentation.
Any changes you make to the Windows domain are reflected in vCenter Server. Because you cannot directly
manage users in vCenter Server, the user interface does not provide a user list for you to review. You see these
changes only when you select users to configure permissions.
vCenter Servers connected in a Linked Mode group use Active Directory to maintain the list of users, allowing
all vCenter Server systems in the group to share a common set of users.
Host Users
Users authorized to work directly on an ESX/ESXi host are added to the internal user list by default when
ESX/ESXi is installed or by a system administrator after installation.
If you log in to an ESX/ESXi host as root using the vSphere Client, you can use the Users and Groups tab to
perform a variety of management activities for these users. You can add users, remove users, change
passwords, set group membership, and configure permissions.
C
AUTION
See the Authentication and User Management chapter of the ESX Configuration Guide or ESXi
Configuration Guide for information about root users and your ESX/ESXi host before you make any changes to
the default users. Mistakes regarding root users can have serious access consequences.
Each ESX/ESXi host has two default users:
n
The root user has full administrative privileges. Administrators use this log in and its associated password
to log in to a host through the vSphere Client. Root users have a complete range of control activities on
the specific host that they are logged on to, including manipulating permissions, creating groups and users
(on ESX/ESXi hosts only), working with events, and so on.
n
The vpxuser user is a vCenter Server entity with root rights on the ESX/ESXi host, allowing it to manage
activities for that host. The vpxuser is created at the time that an ESX/ESXi host is attached to vCenter
Server. It is not present on the ESX host unless the host is being managed through vCenter Server.
Groups
You can efficiently manage some user attributes by creating groups. A group is a set of users that you manage
through a common set of permissions.
A user can be a member of more than one group. When you assign permissions to a group, all users in the
group inherit those permissions. Using groups can significantly reduce the time it takes to set up your
permissions model.
vSphere Basic System Administration
210
VMware, Inc.
Summary of Contents for 4817V62 - vSphere - PC
Page 13: ...Getting Started VMware Inc 13...
Page 14: ...vSphere Basic System Administration 14 VMware Inc...
Page 24: ...vSphere Basic System Administration 24 VMware Inc...
Page 38: ...vSphere Basic System Administration 38 VMware Inc...
Page 76: ...vSphere Basic System Administration 76 VMware Inc...
Page 85: ...Virtual Machine Management VMware Inc 85...
Page 86: ...vSphere Basic System Administration 86 VMware Inc...
Page 98: ...vSphere Basic System Administration 98 VMware Inc...
Page 131: ...3 Click OK Chapter 11 Creating Virtual Machines VMware Inc 131...
Page 132: ...vSphere Basic System Administration 132 VMware Inc...
Page 140: ...vSphere Basic System Administration 140 VMware Inc...
Page 172: ...vSphere Basic System Administration 172 VMware Inc...
Page 182: ...vSphere Basic System Administration 182 VMware Inc...
Page 200: ...vSphere Basic System Administration 200 VMware Inc...
Page 207: ...System Administration VMware Inc 207...
Page 208: ...vSphere Basic System Administration 208 VMware Inc...
Page 278: ...vSphere Basic System Administration 278 VMware Inc...
Page 289: ...Appendixes VMware Inc 289...
Page 290: ...vSphere Basic System Administration 290 VMware Inc...
Page 324: ...vSphere Basic System Administration 324 VMware Inc...
Page 364: ...vSphere Basic System Administration 364 VMware Inc...