How to group VMs for security purposes

I would need to provide some basic VM access to my colleagues. Is there a best practices document for vSphere 6?

They would need:

- view console

- reboot/reset

- change VM networking options

This can be achieved using Virtual Machine User role, I guess.

Each person will have a corresponding Active Directory group (security, domain local type).

Now the hard part - each person will have a lot of VMs and access changes frequently.

I would rather not apply permissions at VM level as it is cumbersome.

I cannot apply permissions at VM Folder level as VM Folders are used to group VMs by their purpose (Production, Test, Service, Networking, ProjectA, ProjectB, etc).

Is there a way to group VMs somehow (by tag?) and assign access permission to that group?

Setting permissions on TAGs directly is not possible; the only permissions are to create/modify and delete TAGs.

But you could create a TAG, add it to all the VMs that you need to use for those users, and add normal user permissions for those tagged VMs.

Here is an article that I wrote regarding TAGs that could help and give you some ideas on how to use them.

Hope this could help.
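
The approach from the answer above, written out as an added PowerCLI example (not code from the original posts): it treats the tag as the source of truth and reconciles per-VM permissions against it, so frequent access changes only require re-tagging. The tag names, the `EXAMPLE\...` group names and the one-tag-per-person layout are assumptions, and an existing `Connect-VIServer` session is required.

```powershell
# Added example: requires VMware PowerCLI and an active Connect-VIServer session.
# Tag name -> AD group. Both columns are hypothetical placeholders.
$AccessMap = @{
    'access-alice' = 'EXAMPLE\vm-users-alice'
    'access-bob'   = 'EXAMPLE\vm-users-bob'
}
$Role = Get-VIRole -Name 'VirtualMachineUser'   # built-in "Virtual Machine User" role

foreach ($tagName in $AccessMap.Keys) {
    $group  = $AccessMap[$tagName]
    $tagged = @(Get-VM -Tag $tagName)
    $wanted = @($tagged | ForEach-Object { $_.Id })

    # VM-level grants of this role that the group already holds.
    $existing = @(Get-VIPermission -Principal $group |
        Where-Object { $_.Role -eq $Role.Name -and $_.EntityId -like 'VirtualMachine-*' })
    $granted = @($existing | ForEach-Object { $_.EntityId })

    # Grant on VMs that carry the tag but have no permission yet.
    foreach ($vm in $tagged) {
        if ($granted -notcontains $vm.Id) {
            New-VIPermission -Entity $vm -Principal $group -Role $Role | Out-Null
            Write-Output "GRANT  $group -> $($vm.Name)"
        }
    }

    # Revoke where the tag was removed, so stale access does not accumulate.
    foreach ($perm in $existing) {
        if ($wanted -notcontains $perm.EntityId) {
            Remove-VIPermission -Permission $perm -Confirm:$false
            Write-Output "REVOKE $group -> $($perm.Entity.Name)"
        }
    }
}
```

The revoke step removes every VM-level grant of that role for the group on VMs without the tag, including grants set by hand, so this only fits when the tag is the sole way such access is given. Since anyone who can assign these tags can effectively grant VM access once the script runs, restrict the tag-assignment privilege accordingly.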

