VMware Cloud Community
tpd1001
Contributor

Removing permissions to poweroff hosts etc. but keeping deploy permissions

I've taken ownership of a development VC2.5/ESX3.5 HA/DRS cluster, and am struggling with getting roles/permissions to do what I want.

I'm looking to assign a folder of VMs & Templates to a group of users (using local users, not AD) such that the users can pretty much do anything (VM Administrator) to VMs within that folder including deploy from template, but preventing them from doing things that affect the solution as a whole like shutting down hosts, modifying cluster/datacentre permissions etc.

No matter what I do, they always seem to end up with either permissions to affect hosts, or inability to deploy.

What minimal permissions do I need to set on the root folder/datacentre/cluster/hosts to get this working?

Tom

3 Replies
Texiwill
Leadership

Hello,

Moved to vCenter Server forum.

You will want to place the permissions at the level you desire and not at the root. For example:

New Role with console interaction only but no power on/off named NewRole

Virtual Machine and Template View
    Datacenter
        Folder A
            Machine A
            Machine B
        Folder B <--- place NewRole here to affect all VMs in the folder

Do not put a virtual machine role on a resource pool, etc., and do not have too many roles for any one user, as whatever permissions have the least abilities win. If you deny at the top, you are denied below. If you set wide-open perms at the top and restrict below, the permissions apply based on where they are in the tree.


Best regards,


--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
RParker
Immortal

Yeah, and to add to what Ed said, to make things easier, I create AD groups. I then shift the VMs for a particular group into a folder under VM and Templates.

That way, if someone needs access to a set of VMs, all I have to do is add them to the group. This will only work if your VC is a member of the AD.

admin
Immortal

Hi,

You will have to create a new role with all the privileges that you need. As per your requirement, you want to do most of the operations that VM administrator does except some delete operations. So you can do the following:

1. Clone "VM Administrator" privilege, and assign a new name for it.

2. Click on Edit role and uncheck all the privileges that you don't want to assign.

3. Create the permissions wherever you want with the above created role.

-Sandeep
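
The three steps above, scripted as an added example (not code from any poster in this thread). It assumes VMware PowerCLI with an existing `Connect-VIServer` session; the role, folder and principal names and the privilege-ID prefixes to strip are placeholders to adjust for your environment.

```powershell
# Added example. Assumes PowerCLI is loaded and Connect-VIServer has succeeded.
# Every value in this block is a placeholder, not a value from the thread.
$SourceRole   = 'VirtualMachineAdministrator'  # assumed name; confirm with Get-VIRole
$NewRoleName  = 'DevFolderVMAdmin'             # hypothetical name for the clone
$FolderName   = 'Folder B'                     # VM folder that receives the role
$Principal    = 'devusers'                     # hypothetical local group
$DenyPrefixes = @('Host.', 'Authorization.')   # assumed: host and permission management

# Step 1: read the privileges of the role being cloned.
$src = Get-VIRole -Name $SourceRole -ErrorAction Stop
$all = @(Get-VIPrivilege -Role $src)

# Step 2: split them into the ones to strip and the ones to keep.
$drop = @($all | Where-Object {
    $id = $_.Id
    @($DenyPrefixes | Where-Object { $id.StartsWith($_) }).Count -gt 0
})
$dropIds = @($drop | ForEach-Object { $_.Id })
$keep = @($all | Where-Object { $dropIds -notcontains $_.Id })

# Show what is being removed so it can be reviewed before users get the role.
Write-Host "Stripping $($drop.Count) of $($all.Count) privileges:"
$drop | Sort-Object Id | ForEach-Object { Write-Host "  $($_.Id)" }

# Refuse to overwrite an existing role of the same name.
if (Get-VIRole -Name $NewRoleName -ErrorAction SilentlyContinue) {
    throw "Role '$NewRoleName' already exists; choose another name."
}
$role = New-VIRole -Name $NewRoleName -Privilege $keep

# Step 3: grant the role on the VM folder only, propagating to the VMs inside it.
$folder = Get-Folder -Name $FolderName -Type VM -ErrorAction Stop
New-VIPermission -Entity $folder -Principal $Principal -Role $role -Propagate:$true

# Check: list every place this principal holds a permission. Any row on a
# host, cluster, datacenter or root folder is a grant outside the VM folder.
Get-VIPermission -Principal $Principal |
    Select-Object Entity, Role, Propagate |
    Format-Table -AutoSize
```

Running the final `Get-VIPermission` check again after any later change shows whether the principal has picked up a grant above the folder.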
