I am having some problems configuring user permissions for direct access to my VM host (not through VC).
I added a user at the host level with the administrative role and now I want to reduce his level of access. The problem I am having is no matter what I change his role to it still gives him full access.
I created a role called User which had rights only to perform changes on a VM. I then moved the user into the User group but he still maintains full privileges. If I go to the root of the tree (i.e. the host) and select a new role and click OK to propagate it tells me that :
The permission for the user/group, User is inherited from the object, ha-folder-root. Modifying it for this object will create a new permission for this object, and not change the original permission.
I then deleted the user but it is still listed and can still access the host. The delete option is now greyed out.
Any ideas on how I go about removing this users global access and limiting it to a few VMs as at the moment I have just had to change the password to something else ?