VMware Cloud Community
REED201110141
Contributor

Which vCenter permissions are actively being used?

I need to evaluate the roles and permissions of a vSphere environment that is in production. I'm wondering if there is a tool or technique that can show me what permissions the vCenter users are actually touching as they do their jobs. Not which permissions are granted, more like a positive authorization audit. My goal is to evaluate what the users are actually doing and define custom roles based on the data.

0 Kudos
1 Reply
Texiwill
Leadership

Hello,

You can use HyTrust for this as well as the vCenter Task/Event log. Outside of that you will need to use something like LogInsight (creating your own custom rules) or Splunk (perhaps creating some of your own custom parsers). You will end up writing a parser that correlates vCenter logins with tasks created by the user, and then that task will tell you what actually happened. It is a massive correlation effort, but tools do exist to assist.

HyTrust is a pretty good tool for Compliance auditing.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

Author of the books 'VMware ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
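
The login-to-task correlation described in the reply above, as an added Python example that is not part of the original thread and not HyTrust, Log Insight or Splunk code. It assumes the vCenter Task/Event log has already been exported into flat records; the field names `time`, `type`, `user`, `ip` and `op` and every sample value are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample events in an assumed flattened export schema (not a VMware format).
EVENTS = [
    {"time": "2024-05-01T08:00:00Z", "type": "UserLoginSessionEvent", "user": "CORP\\alice", "ip": "10.0.0.5"},
    {"time": "2024-05-01T08:02:00Z", "type": "TaskEvent", "user": "CORP\\alice", "op": "VirtualMachine.powerOn"},
    {"time": "2024-05-01T08:05:00Z", "type": "TaskEvent", "user": "CORP\\alice", "op": "VirtualMachine.createSnapshot"},
    {"time": "2024-05-01T08:10:00Z", "type": "UserLoginSessionEvent", "user": "CORP\\bob", "ip": "10.0.0.9"},
    {"time": "2024-05-01T08:12:00Z", "type": "TaskEvent", "user": "corp\\bob", "op": "VirtualMachine.createSnapshot"},
    {"time": "2024-05-01T08:15:00Z", "type": "TaskEvent", "user": "CORP\\bob", "op": "VirtualMachine.powerOn"},
    {"time": "2024-05-01T08:20:00Z", "type": "TaskEvent", "user": "CORP\\alice", "op": "VirtualMachine.powerOn"},
    {"time": "2024-05-01T08:30:00Z", "type": "UserLogoutSessionEvent", "user": "CORP\\alice"},
    {"time": "2024-05-01T09:00:00Z", "type": "TaskEvent", "user": "CORP\\svc-backup", "op": "VirtualMachine.createSnapshot"},
]

def observed_operations(events):
    """Attribute each task to the user's most recent open login session."""
    open_login = {}                # user -> source IP of the current session
    usage = defaultdict(Counter)   # user -> operation -> count
    sources = defaultdict(set)     # user -> source IPs that tasks came from
    orphans = []                   # tasks with no preceding login in the window
    for ev in sorted(events, key=lambda e: e["time"]):
        user = ev["user"].lower()  # normalise case so DOMAIN\user variants merge
        if ev["type"] == "UserLoginSessionEvent":
            open_login[user] = ev["ip"]
        elif ev["type"] == "UserLogoutSessionEvent":
            open_login.pop(user, None)
        elif ev["type"] == "TaskEvent":
            usage[user][ev["op"]] += 1
            if user in open_login:
                sources[user].add(open_login[user])
            else:
                orphans.append(ev)
    return usage, sources, orphans

def candidate_roles(usage):
    """Group users whose sets of observed operations are identical."""
    groups = defaultdict(list)
    for user, ops in usage.items():
        groups[frozenset(ops)].append(user)
    return {ops: sorted(users) for ops, users in groups.items()}

if __name__ == "__main__":
    usage, sources, orphans = observed_operations(EVENTS)
    for ops, users in candidate_roles(usage).items():
        print(sorted(ops), "->", users)
    print("tasks without a login in the window:", [e["user"] for e in orphans])
```

Each group of users with the same observed operations is a starting point for one custom role, once the operation names are mapped to the vCenter privileges they require. Tasks returned as orphans point to accounts whose logins fall outside the exported window and need a longer collection period before a role is cut down.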