VMware Cloud Community
OsburnM
Hot Shot
Hot Shot
‎04-23-2012 04:49 PM

Roles Options

Greetings all--

I'm curious what other vCenter admins are doing for role delegation & how they have permissions setup.

We have a fairly large environment that's spread across multiple datacenters.  The way support works right now is a few people at the top are VC Admins and have access to everything.  At the local DataCenter level, a few "local" people have full VM rights but limited host rights (basically enough to put it in maint mode & reboot the host, but nothing beyond that), within their own datacenter.

What we are struggling with now is we have a need to create a VM folder at every datacenter, where VMs will reside; however, we want to prevent everyone locally from having access to these VMs.

We've set noaccess rights at the folder level; however, people are still able to access the VMs in Host & Clusters view and via browsing the datastores.

Is there anyway to prevent this?

Thanks,

0 Kudos
2 Replies
vGuy
Expert
Expert
‎04-23-2012 09:20 PM

You will still need to assign no access perms to the hosts, Datastores and the portgroups (if you want to restrict certain portgrps as well).

To avoid adding perms to individual resources, you can group the Datastores and Portgroups in a folder and assign the perms to the folder.

0 Kudos
Techstarts
Expert
Expert
‎04-27-2012 02:29 AM

To Further stress @Guy's point,

Remember there are four views in vSphere vCenter, Hosts & Clusters, Datastores, Networking and Virtual Machine. While restricting and providing accessing, you must think of all four views.

With Great Regards,
0 Kudos