Hi All,
I have recently created two new roles to restrict an Active Directory security group within Virtual Center and a Resource Pool. I have cloned the Virtual Machine Administrator role and tweaked it so that the group can view the complete Data Center whilst only being able to create/remove virtual machines in one resource pool. However, I cannot work out what permission setting would completely restrict the role from accessing and making changes to the 'vCenter Server Settings' on the home page.
Can someone please assist?
Virtual Center: 4.0.0 (Build: 208111)
Thanks,
Fadi
That sounds about right. The Roles and Rights propagate based on the hosts/clusters view for the sake of server configurations.
If you define the role at the top level in vCenter 4 (which is the name/IP of your vCenter), they will have access to it.
You can define it one level down (Datacenter), then define no-role or nothing at the top level. You'd have to place that permission/role on each datacenter object you have for each of those logins.
Regards,
Jonathan
B.Sc., RHCT, VMware vExpert 2009
NOTE: If your problem or question has been resolved, please mark this thread as answered and award points accordingly.
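The approach in the reply above, sketched in PowerCLI as an added example (not code from any poster in this thread): list what is granted on the root object, grant the restricted role on each datacenter, then drop the group's root-level permission. The server address, group name and role name are placeholders, and `$dryRun` is a helper variable introduced here.

```powershell
# Added example. All three values below are placeholders, not from the thread.
$vcServer  = 'vcenter.example.local'     # placeholder vCenter address
$principal = 'EXAMPLE\VM-Pool-Admins'    # placeholder AD security group
$roleName  = 'Restricted VM Admin'       # placeholder name of the cloned role
$dryRun    = $true                       # set to $false to apply the changes

Connect-VIServer -Server $vcServer | Out-Null

# The root folder is the top-level inventory object. A permission set here
# is what exposes roles, licenses and vCenter Server settings.
$root      = Get-Folder -NoRecursion
$rootPerms = Get-VIPermission -Entity $root

# 1. Audit: who holds a permission on the root object?
$rootPerms | Select-Object Principal, Role, IsGroup, Propagate |
    Format-Table -AutoSize

# 2. Grant the restricted role one level down, on every datacenter,
#    propagating to child objects. Done first so access is not lost.
$role = Get-VIRole -Name $roleName
foreach ($dc in Get-Datacenter) {
    New-VIPermission -Entity $dc -Principal $principal -Role $role `
        -Propagate:$true -WhatIf:$dryRun
}

# 3. Remove the group's permission from the root object.
$rootPerms | Where-Object { $_.Principal -eq $principal } |
    Remove-VIPermission -Confirm:$false -WhatIf:$dryRun

Disconnect-VIServer -Server $vcServer -Confirm:$false
```

With `$dryRun` left at `$true`, steps 2 and 3 only report what they would change, so the audit output can be reviewed before anything is modified.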
The only thing I could find was this blurb:
"Use caution when granting a permission at the root vCenter Server level. Users with permissions at the root level have access to global data on vCenter Server, such as roles, custom attributes, vCenter Server settings, and licenses. Changes to licenses and roles propagate to all vCenter Server systems in a Linked Mode group, even if the user does not have permissions on all of the vCenter Server systems in the group."
This was found in http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf, which has a roles and permissions section.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
Thanks for your responses. I have since removed role access from the top level, i.e. Data Center, which in turn has restricted access to make changes to Virtual Center settings.