Managing vSphere permissions
Some tasks in vSphere require users to have certain permissions in order to complete successfully. When you create a private cloud, VMware Engine performs an initial setup of vSphere permissions for your ease of management. This document provides you with guidance on further managing permissions in vSphere.
Before you begin
To manage vSphere permissions for your private cloud, you must first elevate your privileges. Elevating your privileges through VMware Engine gives you the ability to perform administrative functions in vSphere.
Managing vCenter user groups
Users in the Cloud-Owner-Group group can administer various parts of the vSphere environment in the private cloud. The Cloud-Owner-Group group is automatically given Cloud-Owner-Role privileges, and the CloudOwner user is added as a member of this group.
Google creates additional groups with limited privileges for ease of management. You can add any user to these pre-created groups, and this process assigns the corresponding privileges to the user.
For a full list of pre-created vCenter user groups and their associated vCenter privileges, see Private cloud VMware vCenter permission model.
Granting management permission to individual users
To grant an individual user permissions to manage the private cloud, create a user account and add it to the appropriate groups:
- Cloud-Owner-Group
- Cloud-Global-Cluster-Admin-Group
- Cloud-Global-Storage-Admin-Group
- Cloud-Global-Network-Admin-Group
- Cloud-Global-VM-Admin-Group
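One way to script the group assignment above with least privilege in mind, as an added example that is not part of the original documentation. It assumes the community VMware.vSphere.SsoAdmin PowerShell module, a user account that already exists in the vCenter SSO domain, and that your privileges have already been elevated; the server, domain and user values are placeholders.

```powershell
# Added example, not VMware Engine's own tooling. Assumes the community
# VMware.vSphere.SsoAdmin module and an already elevated vCenter account.
Import-Module VMware.vSphere.SsoAdmin

# Placeholders (not from the page): replace before use.
$VCenter     = '<vcenter-fqdn>'
$SsoDomain   = '<sso-domain>'
$UserName    = '<existing-user>'
$TargetGroup = 'Cloud-Global-VM-Admin-Group'   # prefer the narrowest group that fits

# Accept only the pre-created groups listed on this page, so a typo or a
# look-alike group name cannot be granted by accident.
$AllowedGroups = @(
    'Cloud-Owner-Group',
    'Cloud-Global-Cluster-Admin-Group',
    'Cloud-Global-Storage-Admin-Group',
    'Cloud-Global-Network-Admin-Group',
    'Cloud-Global-VM-Admin-Group'
)
if ($TargetGroup -notin $AllowedGroups) {
    throw "Refusing to use '$TargetGroup': not one of the pre-created groups."
}
if ($TargetGroup -eq 'Cloud-Owner-Group') {
    Write-Warning 'Cloud-Owner-Group carries Cloud-Owner-Role; confirm a narrower group is not enough.'
}

$cred = Get-Credential -Message 'Elevated vCenter account'
$sso  = Connect-SsoAdminServer -Server $VCenter -User $cred.UserName -Password $cred.Password
try {
    # The -Name parameter can match more than one object, so require an exact
    # match before granting anything.
    $user  = @(Get-SsoPersonUser -Name $UserName -Domain $SsoDomain |
               Where-Object { $_.Name -eq $UserName })
    $group = @(Get-SsoGroup -Name $TargetGroup -Domain $SsoDomain |
               Where-Object { $_.Name -eq $TargetGroup })
    if ($user.Count -ne 1)  { throw "Expected exactly one user named '$UserName', found $($user.Count)." }
    if ($group.Count -ne 1) { throw "Expected exactly one group named '$TargetGroup', found $($group.Count)." }

    Add-UserToSsoGroup -User $user[0] -TargetGroup $group[0]
    Write-Output "Added $UserName@$SsoDomain to $TargetGroup"
}
finally {
    # Drop the elevated session even if a lookup or the grant failed.
    Disconnect-SsoAdminServer -Server $sso
}
```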
Creating new user groups
You can create additional user groups to enable access control for vCenter users. However, new user groups must have permissions that are lower than Cloud-Owner-Role. Groups with permissions higher than Cloud-Owner-Role are automatically reset to Cloud-Owner-Role.
What's next
- Learn how to set up vCenter identity sources.
- Learn about the private cloud vSphere permission model.