4
Select Inventory > Permissions > Properties.
5
In the Change Access Role dialog box, select a role for the user or group from the drop-down menu.
6
To propagate the privileges to the children of the assigned inventory object, click the Propagate check box
and click OK.
Remove Permissions
Removing a permission for a user or group does not remove the user or group from the list of those available.
It also does not remove the role from the list of available items. It removes the user or group and role pair from
the selected inventory object.
Procedure
1
From the vSphere Client, click the Inventory button in the navigation bar.
2
Expand the inventory as needed and click the appropriate object.
3
Click the Permissions tab.
4
Click the appropriate line item to select the user or group and role pair.
5
Select Inventory > Permissions > Delete.
vCenter Server removes the permission setting.
Best Practices for Roles and Permissions
Use best practices for roles and permissions to maximize the security and manageability of your vCenter Server
environment.
VMware recommends the following best practices when configuring roles and permissions in your vCenter
Server environment:
n
Where possible, grant permissions to groups rather than individual users.
n
Grant permissions only where needed. Using the minimum number of permissions makes it easier to
understand and manage your permissions structure.
n
If you assign a restrictive role to a group, check that the group does not contain the Administrator user or
other users with administrative privileges. Otherwise, you could unintentionally restrict administrators'
privileges in parts of the inventory hierarchy where you have assigned that group the restrictive role.
n
Use folders to group objects to correspond to the differing permissions you want to grant for them.
n
Use caution when granting a permission at the root vCenter Server level. Users with permissions at the
root level have access to global data on vCenter Server, such as roles, custom attributes, vCenter Server
settings, and licenses. Changes to licenses and roles propagate to all vCenter Server systems in a Linked
Mode group, even if the user does not have permissions on all of the vCenter Server systems in the group.
n
In most cases, enable propagation on permissions. This ensures that when new objects are inserted in to
the inventory hierarchy, they inherit permissions and are accessible to users.
n
Use the No Access role to masks specific areas of the hierarchy that you don’t want particular users to
have access to.
vSphere Basic System Administration
222
VMware, Inc.
Содержание 4817V62 - vSphere - PC
Страница 13: ...Getting Started VMware Inc 13...
Страница 14: ...vSphere Basic System Administration 14 VMware Inc...
Страница 24: ...vSphere Basic System Administration 24 VMware Inc...
Страница 38: ...vSphere Basic System Administration 38 VMware Inc...
Страница 76: ...vSphere Basic System Administration 76 VMware Inc...
Страница 85: ...Virtual Machine Management VMware Inc 85...
Страница 86: ...vSphere Basic System Administration 86 VMware Inc...
Страница 98: ...vSphere Basic System Administration 98 VMware Inc...
Страница 131: ...3 Click OK Chapter 11 Creating Virtual Machines VMware Inc 131...
Страница 132: ...vSphere Basic System Administration 132 VMware Inc...
Страница 140: ...vSphere Basic System Administration 140 VMware Inc...
Страница 172: ...vSphere Basic System Administration 172 VMware Inc...
Страница 182: ...vSphere Basic System Administration 182 VMware Inc...
Страница 200: ...vSphere Basic System Administration 200 VMware Inc...
Страница 207: ...System Administration VMware Inc 207...
Страница 208: ...vSphere Basic System Administration 208 VMware Inc...
Страница 278: ...vSphere Basic System Administration 278 VMware Inc...
Страница 289: ...Appendixes VMware Inc 289...
Страница 290: ...vSphere Basic System Administration 290 VMware Inc...
Страница 324: ...vSphere Basic System Administration 324 VMware Inc...
Страница 364: ...vSphere Basic System Administration 364 VMware Inc...