VMware Horizon Community
AaronDelp01
Enthusiast

How to Further Restrict VDM Admins?

Hello all - Another question for everyone. Is there a way to restrict a VDM administrator using the VC roles? Here is what we tried to do:

We set up the permissions for the VDM interprocess communications according to the VDM manual, page 31. We also added the proper groups into the Administrators configuration on the VDM server. The problem is we really have two sets of VDM admins, one set with full access (create, delete machines and pools) and another we only want to "support" existing machines (reboot, force disconnects, etc.).

We created a custom role in VC that is a stripped down version of the VDM Admin with only the ability to interact with the VMs. We then added this to an AD Group (VDI Service Desk). We placed this into the Administrators group on the VDM server hoping it would be a "restricted" admin.

When we ran the test, the restricted admin could still modify the settings of the pools and create, delete VMs. I suspect there is only one admin level, wide open. Does the VDM let you in if you are an admin and then use the interprocess communications id for all tasks?

Is the level of security presented here possible?

Thank you!

Aaron Delp

www.bladevault.info

Aaron Delp aarondelp.com // @aarondelp

Accepted Solutions
mpryor
Commander

Hi Aaron,

There are no granular permissions in VDM Admin in VDM 2.0; in fact, the user account used to set up communication with VC is used for all actions, and not the credentials of the administrator connecting.

AaronDelp01
Enthusiast

Got it! Thank you very much for the reply! Is there anybody I could talk to about a feature request for a future version? Having a "service desk" admin who can handle the sessions but not modify the machines and pools would be a very valuable enhancement. Thank you again!

Aaron Delp

www.bladevault.info

Aaron Delp aarondelp.com // @aarondelp
spchurchill
Contributor

Just in case anyone important from VMware is reading this, I would also be looking for this functionality in the next release of VDM! The need to allow the 1st line support people access to a read-only version of the VDM Administration website would be really good.

Thanks,

Sam
