VMware Cloud Community
FadiAmatoury
Contributor

Unable to restrict role access to modify Virtual Center Settings

Hi All,

I have recently created two new roles to restrict an Active Directory security group within Virtual Center and a Resource Pool. I have cloned the Virtual Machine Administrator role and tweaked it so that the group can view the complete Data Center whilst only being able to create/remove virtual machines in one resource pool. However, I cannot work out what permission setting would completely restrict the role from accessing and making changes to the 'vCenter Server Settings' on the home page.

Can someone please assist?

Virtual Center: 4.0.0 (Build: 208111)

Thanks,

Fadi


Accepted Solutions
IamTHEvilONE
Immortal

That sounds about right. The Roles and Rights propagate based on hosts/clusters view for sake of server configurations.

If you define the role at the top level in vCenter 4 (which is the name/IP of your vCenter), they will have access to it.

You can define it one level down (Datacenter), then define no-role or nothing at the top level. You'd have to place that permission/role on each datacenter object you have for each of those logins.



Regards,

Jonathan

B.Sc., RHCT, VMware vExpert 2009

mittim12
Immortal

The only thing I could find was this blurb

"Use caution when granting a permission at the root vCenter Server level. Users with permissions at the root level have access to global data on vCenter Server, such as roles, custom attributes, vCenter Server settings, and licenses. Changes to licenses and roles propagate to all vCenter Server systems in a Linked Mode group, even if the user does not have permissions on all of the vCenter Server systems in the group"

This was found in the http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf which has a roles and permissions section.


FadiAmatoury
Contributor

Thanks for your responses. I have since removed role access from the top level, i.e. Data Center, which in turn has restricted access to make changes to Virtual Center settings.

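The permission placement discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of permission inheritance that compares a role granted at the root vCenter object with the same access granted one level down. The inventory, group and role names are constructed, and the inheritance rules are assumptions stated in the comments, not VMware's implementation.

```python
# Added example: simplified model of vCenter permission inheritance.
# Assumptions: a permission applies to its own object and, when propagate is
# set, to every descendant; the closest applicable definition wins; any
# permission that applies at the root object exposes global data such as
# vCenter Server settings. All names below are constructed.
ROOT = "vcenter01"
PARENT = {
    "vcenter01": None,
    "DC-East": "vcenter01",
    "Cluster-A": "DC-East",
    "RP-Dev": "Cluster-A",
    "RP-Prod": "Cluster-A",
}
GROUP = "CORP\\vm-operators"

def effective_role(perms, principal, obj):
    """Walk from obj towards the root and return the nearest applicable role."""
    node = obj
    while node is not None:
        for entity, who, role, propagate in perms:
            if entity == node and who == principal and (node == obj or propagate):
                return role
        node = PARENT[node]
    return None

def has_root_level_access(perms, principal):
    """True when a permission for the principal applies at the root object."""
    return effective_role(perms, principal, ROOT) is not None

def missing_datacenters(perms, principal):
    """Datacenters (children of the root) where the principal has no role."""
    dcs = [o for o, parent in PARENT.items() if parent == ROOT]
    return [dc for dc in dcs if effective_role(perms, principal, dc) is None]

# Before: cloned role granted at the top level, so it reaches everything.
BEFORE = [
    ("vcenter01", GROUP, "VM Admin (clone)", True),
]
# After: nothing at the root, read-only per datacenter, VM role on one pool.
AFTER = [
    ("DC-East", GROUP, "ReadOnly", True),
    ("RP-Dev", GROUP, "VM Admin (clone)", True),
]

if __name__ == "__main__":
    for name, perms in (("before", BEFORE), ("after", AFTER)):
        print(name, "root access:", has_root_level_access(perms, GROUP),
              "| RP-Dev:", effective_role(perms, GROUP, "RP-Dev"),
              "| RP-Prod:", effective_role(perms, GROUP, "RP-Prod"))
```

`missing_datacenters` covers the caveat from the accepted answer: once nothing is defined at the top level, every datacenter object needs its own permission entry for the group.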