VMware Cloud Community
mcamp001
Contributor

Best way to grant web access to only one VM?

I have VC 2.0.1 running with several 3.0.1 ESX boxes under it. Each ESX box has several VMs. If I want to grant web access to one VM individually, what is the best way to do it?

It seems that only a root account can log on to the ESX box itself (not VC) in Web Access, so I do not want to have to create a root account for someone to administer one VM.

I have read many posts regarding web access, but I am still unclear.

Thanks in advance

8 Replies
conradsia
Hot Shot

In VC, open the permissions tab for that single VM and add/grant VM administrator permissions for the user you want to have access to the VM. When they log into VC or the web console they will only get access to that single VM.

chandlm
Expert

In addition, if you want to go further into it you could create a more granular role than administrator. Go to the 'Admin' section of VC and under the 'Roles' tab you could create a new one for whatever you want. I do this to prevent virtual hardware changes, etc.

Rumple
Virtuoso

Once you get the permissions done, log into the web interface and then you can copy the direct web link to the VM and send it to the user...

GlenMarquis2
Enthusiast

In VC you simply right-click on the VM/Resource Group and select 'Add Permission'; permissions are propagated down by default. Apply user accounts from there and specify their individual permissions. Once the newly permissioned user logs into the VC IP from a browser he will only be able to do what you have specified.

If you log into a host's IP, the user account won't have access at all (even after doing the above). You can set up local accounts on individual ESX hosts; however, when you VMotion VMs around, that would get messy. The permissions on a per-host basis are not granular, only: Read-Only, Administrator and No-Access.

I hope this answers your question.

tsugliani
VMware Employee

Hi,

The easiest way would be to log on to the Virtual Center Webservice, select the targeted VM, and generate a unique access URL. (I don't remember the real name, but it's something like "Generate unique web access url".)

Then to access that "specified" VM just use the given url. (works nicely)

Hope this helps,

Regards.

GlenMarquis2
Enthusiast

The Generate random console URL is useful; however, you have to permission it for individuals in the same way as already stated.

When you click on, e.g.,

https://node0/ui/vmDirect.do?view=d3NVcmw9aHR0cDovL2xvY2FsaG9zdDo4MDg1JnZtSWQ9VmlydHVhbE1hY2hpbmV8dm...

It still needs authentication.

mcamp001
Contributor

Thanks everyone for the responses.

JAitchison
Contributor

I have set a user to have 'No Access' to the entire data center, but allowed 'VM User' access to the one specific VM. It worked because the permissions at the individual object level can supersede the global permission. (I also used this to hide our Nexus switches from myself so I never accidentally power cycle them!)

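The permission behaviour described in this thread (entries propagate down by default, and an entry on an individual object overrides the inherited one), as an added example that is not part of any post and is not VMware code: a small Python model for auditing which objects a user ends up able to reach. The inventory names, users and tuple layout are constructed for illustration, and group membership is not modelled.

```python
# Constructed inventory: child -> parent (None marks the root).
PARENT = {
    "Datacenter": None,
    "Cluster-A": "Datacenter",
    "vm-web01": "Cluster-A",
    "vm-db01": "Cluster-A",
    "nexus-sw1": "Datacenter",
}

# Constructed permission entries: (object, user, role, propagate).
PERMISSIONS = [
    ("Datacenter", "jdoe", "No Access", True),
    ("vm-web01", "jdoe", "VM User", True),
    ("Datacenter", "ops", "Administrator", True),
    ("nexus-sw1", "ops", "No Access", True),
    ("Cluster-A", "audit", "Read-Only", False),  # not propagated to children
]


def effective_role(obj, user, parent=PARENT, perms=PERMISSIONS):
    """Return the role that applies to `user` on `obj`.

    Walk from the object toward the root. An entry set directly on the
    object always counts; an entry on an ancestor counts only if it
    propagates. The nearest match wins, so an entry on a child overrides
    whatever would otherwise be inherited.
    """
    node = obj
    while node is not None:
        for entity, principal, role, propagate in perms:
            if entity == node and principal == user and (node == obj or propagate):
                return role
        node = parent[node]
    return "No Access"  # no entry anywhere on the path to the root


def accessible(user, parent=PARENT, perms=PERMISSIONS):
    """List objects on which `user` ends up with anything but No Access."""
    return sorted(o for o in parent
                  if effective_role(o, user, parent, perms) != "No Access")


if __name__ == "__main__":
    for user in ("jdoe", "ops", "audit"):
        print(user, accessible(user))
```

Running the audit over every account after a permission change is a quick check that a "one VM only" user has not inherited access through a propagating entry higher in the tree.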