1. ESXi 5.5 does not support sudoers
===
2. Local user groups and associated group-specific methods are not supported from vSphere 5.1 or later.
I did look at:
Need powercli script to create a new local admin account on all ESX and ESXi hosts in the vcenter
I also looked at a note from LucD:
I did some further reading in the documentation and I found this under the AssignUserToGroup method:
"Deprecated. As of vSphere API 5.1, local user groups are not supported and group specific methods will throw NotSupported."
So it looks like PowerCLI is correct and what you are seeing is a new feature of vSphere 5.1.
===
With the above two things, I think the only way is to create a customer role in vCenter and assign an AD account to that role.
But then local SSH to an individual host still remains a question.
I tried; only an admin role (which you cannot edit on the local host) user gets SSH.
Anything I am missing here?
There are no local groups on an ESXi 5.x/6.x host; the only "local" thing you can create is a user. If you're doing local user creation via PowerCLI, then groups don't buy you anything (i.e. just have PowerCLI assign each user the desired role).
We create custom roles on ESXi servers via PowerCLI and use AD groups to grant users access via those roles.
What do you want the customer login to be able to do on ESXi?
It does not allow me to add a custom role locally... Am I missing something?
You're missing something. You can't just "make up" a permission set when assigning permissions; you need to define a role first.
Forgot to mention that you can do all of this with PowerCLI as well.
The names to pass to Get-VIPrivilege aren't always the most obvious, so I often set the privs in the GUI, then use PowerCLI to dump out the privs that I've set.
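
The workflow from the replies above (define the role first, dump the privileges set in the GUI, then grant the role to an AD group), as an added PowerCLI example that is not part of the original thread. Host names, the role name, and the AD group are placeholders, and the hosts are assumed to be joined to the AD domain already.

```powershell
# Added example: all names below are placeholders, not values from the thread.
$referenceHost = 'esxi-ref.example.local'     # host where the role was built in the GUI
$targetHosts   = 'esxi-01.example.local', 'esxi-02.example.local'
$roleName      = 'CustomOperator'             # hypothetical custom role name
$adGroup       = 'EXAMPLE\ESXi-Operators'     # hypothetical AD group
$cred          = Get-Credential -Message 'ESXi administrator credentials'

# 1. Dump the privilege IDs of the role exactly as it was set up in the GUI.
$ref     = Connect-VIServer -Server $referenceHost -Credential $cred
$refRole = Get-VIRole -Name $roleName -Server $ref
$privIds = (Get-VIPrivilege -Role $refRole -Server $ref).Id | Sort-Object -Unique
Disconnect-VIServer -Server $ref -Confirm:$false

# Keep the list on disk so the privilege set can be reviewed and diffed later.
$privIds | Set-Content -Path ".\$roleName-privileges.txt"

# 2. Define the role on each host first, then assign it to the AD group.
foreach ($name in $targetHosts) {
    $vi = Connect-VIServer -Server $name -Credential $cred
    try {
        $role = Get-VIRole -Name $roleName -Server $vi -ErrorAction SilentlyContinue
        if (-not $role) {
            # Resolve the dumped IDs to privilege objects on this host.
            $privs = Get-VIPrivilege -Id $privIds -Server $vi
            $role  = New-VIRole -Name $roleName -Privilege $privs -Server $vi
        }

        # On a direct ESXi connection the top-level folder is the host root.
        $root = Get-Folder -NoRecursion -Server $vi
        New-VIPermission -Entity $root -Principal $adGroup -Role $role `
            -Propagate:$true -Server $vi | Out-Null

        # Show what the group now holds on this host.
        Get-VIPermission -Principal $adGroup -Server $vi |
            Select-Object @{ n = 'Host'; e = { $name } }, Principal, Role, Propagate
    }
    finally {
        Disconnect-VIServer -Server $vi -Confirm:$false
    }
}
```

Reviewing the saved privilege list before rolling the role out keeps the custom role from silently growing toward the built-in admin role.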