delegate vcenter administration

tritello · ‎10-02-2017

Hi All,

i manage a Horizon environment (at the moment 8 physical hosts, 1 datacenter and two separate cluster, one for management and one for production machines).

I have to create separate administrators to allow colleagues administering each one a separate "slice" of the system.

Currently i'm running Vcenter appliance v 6.0.0. and horizon 6.3.

I allowed different users/groups from Active Directory to:

- vm creation role on one of the cluster

- no access role on the other cluster

- vm creation role on a vsan datastore

- vm creation role on the dedicated folder containing all delegated-admins-resources

- eventual vm creation role on templates vm.

As it has been so far it can works: delegated admins have read-only permissions of some parts of cluster but they can't edit or manage other's admin vms.

Does anybody have had this need?

How did you manage the issue?

Thanks in advance.

Greetings

Nicola

mhampto · ‎10-05-2017

You can create the custom roles with required permissions and assign them to the domain users/groups on particular inventory objects. When you assign permissions, pair a user or group with a role and associate that pairing with an inventory object. A single user or group can have different roles for different objects in the inventory. See Using Roles to Assign Privileges.