How to give permission to only one host in cluster

Mcicool · ‎05-26-2015

Hello Vmware community! Please help with the following task:

I have a cluster of 3 hosts managed by Vcenter 5.5. I want to have 2 users that can fully manage and view only one host (create VMs/delete/manage storage - just full access).

What i did:

Created users, added them into No Access group applied to Datacenter. Then on a host and its local storage i added them to Administrator group. After it they can log in, see the host, see its storage, but the problem is that they cant create VMs.

I realise that Vms are created in a cluster, but i cant give them permission to manage VMs in a whole cluster, i need them to manage VMs only on their specific host.

And host must be in a cluster though.

Thank you.

Anjani_Kumar · ‎05-26-2015

Created users, added them into No Access group applied to Datacenter. Then on a host and its local storage i added them to Administrator group. After it they can log in, see the host, see its storage, but the problem is that they cant create VMs.

I realise that Vms are created in a cluster, but i cant give them permission to manage VMs in a whole cluster, i need them to manage VMs only on their specific host.

And host must be in a cluster though.

Well, Seems like the permission is not went through. Permission goes through top to bottom.

Follow the below permission pattern.

1. Datacenter > Full Access

2. Cluster > Full Access

3. Host(For you want to give access) > Give Full Access

4. For other 2 host > No Access. should be there.

Try this and see if it can build new vms.

Please consider marking this answer "correct" or "helpful" if you found it useful. Anjani Kumar | VMware vExpert 2014-2015-2016 | Infrastructure Specialist Twitter : @anjaniyadav85 Website : http://www.Vmwareminds.com

Mcicool · ‎05-27-2015

Thank you, it partly solved the question.

Current result is:

They see only their third host

They can create VMs they

But they also see other VMs and can manage them. And i need to restrict access to any VMs which were created on non-their host.

Note: Third host is not a part of HA system.

I guess i can manually restrict permission on every VM but i wonder if there is a more decent solution?

Anjani_Kumar · ‎05-27-2015

That's fine. Then you have to just tweak some more permission.

All will be same apart go to the HA enabled cluster and provide the no access permission to that cluster and host too. it will stop people to seeing those vms and hosts too.

just give the access to the third host which you already given i blieve. that will solve your problem.

Please consider marking this answer "correct" or "helpful" if you found it useful. Anjani Kumar | VMware vExpert 2014-2015-2016 | Infrastructure Specialist Twitter : @anjaniyadav85 Website : http://www.Vmwareminds.com

Mcicool · ‎05-27-2015

I just solved the problem acutally. What i did:

First i moved the third host out of cluster (because i realised that there is no reason for keeping it inside a cluster) so its in the root of Datacenter and after that i gave them full access to this host and No Access to everything else.

Simplified task -> simple solution.

Thank you, i've driven me a bit