4
Select Inventory > Permissions > Properties.
5
In the Change Access Role dialog box, select a role for the user or group from the drop-down menu.
6
To propagate the privileges to the children of the assigned inventory object, click the Propagate check box
and click OK.
Remove Permissions
Removing a permission for a user or group does not remove the user or group from the list of those available.
It also does not remove the role from the list of available items. It removes the user or group and role pair from
the selected inventory object.
Procedure
1
From the vSphere Client, click the Inventory button in the navigation bar.
2
Expand the inventory as needed and click the appropriate object.
3
Click the Permissions tab.
4
Click the appropriate line item to select the user or group and role pair.
5
Select Inventory > Permissions > Delete.
vCenter Server removes the permission setting.
Best Practices for Roles and Permissions
Use best practices for roles and permissions to maximize the security and manageability of your vCenter Server
environment.
VMware recommends the following best practices when configuring roles and permissions in your vCenter
Server environment:
n
Where possible, grant permissions to groups rather than individual users.
n
Grant permissions only where needed. Using the minimum number of permissions makes it easier to
understand and manage your permissions structure.
n
If you assign a restrictive role to a group, check that the group does not contain the Administrator user or
other users with administrative privileges. Otherwise, you could unintentionally restrict administrators'
privileges in parts of the inventory hierarchy where you have assigned that group the restrictive role.
n
Use folders to group objects to correspond to the differing permissions you want to grant for them.
n
Use caution when granting a permission at the root vCenter Server level. Users with permissions at the
root level have access to global data on vCenter Server, such as roles, custom attributes, vCenter Server
settings, and licenses. Changes to licenses and roles propagate to all vCenter Server systems in a Linked
Mode group, even if the user does not have permissions on all of the vCenter Server systems in the group.
n
In most cases, enable propagation on permissions. This ensures that when new objects are inserted in to
the inventory hierarchy, they inherit permissions and are accessible to users.
n
Use the No Access role to masks specific areas of the hierarchy that you don’t want particular users to
have access to.
vSphere Basic System Administration
222
VMware, Inc.
Summary of Contents for 4817V62 - vSphere - PC
Page 13: ...Getting Started VMware Inc 13...
Page 14: ...vSphere Basic System Administration 14 VMware Inc...
Page 24: ...vSphere Basic System Administration 24 VMware Inc...
Page 38: ...vSphere Basic System Administration 38 VMware Inc...
Page 76: ...vSphere Basic System Administration 76 VMware Inc...
Page 85: ...Virtual Machine Management VMware Inc 85...
Page 86: ...vSphere Basic System Administration 86 VMware Inc...
Page 98: ...vSphere Basic System Administration 98 VMware Inc...
Page 131: ...3 Click OK Chapter 11 Creating Virtual Machines VMware Inc 131...
Page 132: ...vSphere Basic System Administration 132 VMware Inc...
Page 140: ...vSphere Basic System Administration 140 VMware Inc...
Page 172: ...vSphere Basic System Administration 172 VMware Inc...
Page 182: ...vSphere Basic System Administration 182 VMware Inc...
Page 200: ...vSphere Basic System Administration 200 VMware Inc...
Page 207: ...System Administration VMware Inc 207...
Page 208: ...vSphere Basic System Administration 208 VMware Inc...
Page 278: ...vSphere Basic System Administration 278 VMware Inc...
Page 289: ...Appendixes VMware Inc 289...
Page 290: ...vSphere Basic System Administration 290 VMware Inc...
Page 324: ...vSphere Basic System Administration 324 VMware Inc...
Page 364: ...vSphere Basic System Administration 364 VMware Inc...