VMware Cloud Community
dsseagren
Contributor

User security clarification

I need some clarification here, guys. I was under the impression that when an ESXi host is managed by vCenter and set up to use AD authentication, the host inherits the users and groups that are defined in vCenter and is able to authenticate them. My issue came up when trying to run Perl scripts using the SDK, which should only require Read Only access. I defined the user in vCenter and set the permissions to Propagate. No luck. It does, however, work if I create a Read Only user account locally on the ESXi host. Is it the shell access permission? What am I missing?

Thanks

2 Replies
a_p_
Leadership

There's no user inheritance from the vCenter Server to the hosts. Once you attach a host to vCenter Server, a local user "vpxuser" is created on the host, which vCenter Server uses to run the tasks. All permissions you set on the vCenter Server instance are only used while logged on to the vCenter Server instance.

André

dsseagren
Contributor

OK, thanks. For some reason I became confused while reading the security configuration guide, which made it sound like the hosts would inherit.
