User rights vsphere.local on specific ESXi server

mqzd23 · ‎02-10-2021

I have this user who needs to be admin on a specific ESXi server. My vCenter has Active Directory SSO but I don't want the user to be an Active Directory member so I created a user account for him through vCenter in vsphere.local, gave the user the administrator role in vSphere and applied the permission to the specific ESXi server (with propagation to children). All fine and dandy but I noticed that even that the user is administrator, he's not able to see or edit the datastores, networks etc. on the ESXi server. He is however able to create a VM or edit the ESXi server's settings. I also noticed that when I manually set the permission for his account on the ESXi server's datastore, he's able to see it.

Is this expected or normal behaviour? How can I make a an administrator of a specific ESXi server to be an administrator for all components of that ESXi server? Is that possible? If I make somebody adminstrator of a server, I expect them to be....administrator.

ashilkrishnan · ‎02-10-2021

Hi @mqzd23 ,

Please add the same user to vCenter permissions with read-only role and propagate to children. Then, add the same user to ESXi host with administrator role. That worked for me.

Hope that helps.

Please mark my comment as the Correct Answer/Kudos if this solution resolved your problem

mqzd23 · ‎02-15-2021

Thanks for your reply. I will check that out.