I would like to add an Active Directory Group to have permissions to access the vSphere UI of vCOps with read-only access who are able to run reports in the vSphere UI. However, they should not be able to access vCenter at all. Is this possible and how does this get set up?
The vSphere UI relies on the vCenter for authentication. What you request is not possible for anything other than the "admin" account, which uses local authentication in vC Ops. A user who accesses the vSphere UI requires permissions to vCenter.
However, I would point out that if you give someone read-only to vC Ops, they see the same thing if logging in to vCenter.. so its not like you're hiding anything from the users in vCenter that they couldn't see in vC Ops anyway. This question always comes up with customers who want to block access to vCenter for unwanted users, however like I said what they see is about the same. It's an organizational problem of not wanting people to use vCenter, not so much shielding them from seeing things. This is the technical price of piggybacking vC Ops perms atop vCenter considering vCenter always gives read-only as a minimum perm.
The vSphere UI relies on the vCenter for authentication. What you request is not possible for anything other than the "admin" account, which uses local authentication in vC Ops. A user who accesses the vSphere UI requires permissions to vCenter.
However, I would point out that if you give someone read-only to vC Ops, they see the same thing if logging in to vCenter.. so its not like you're hiding anything from the users in vCenter that they couldn't see in vC Ops anyway. This question always comes up with customers who want to block access to vCenter for unwanted users, however like I said what they see is about the same. It's an organizational problem of not wanting people to use vCenter, not so much shielding them from seeing things. This is the technical price of piggybacking vC Ops perms atop vCenter considering vCenter always gives read-only as a minimum perm.
ok thanks
