We have a vDS configured with many port groups to seperate out our VLANs. Our VM cluster will have a small set of 5 to 10 groups with a few users a peice that will have VM power user role. How do we restrict which port groups a set of power users can connect their VMs to? The vSphere Basic System Administration doc does state that you cannot set permissions directly on a vNetwork Distributed Switch. Does this mean we have to create multiple distributed switches with only the specific VLANs each group can access? Is there a folder structure that allows us to grant permissions on a subset of port groups in a single vDS?

Ultimately we don't want admins from one group being able to hook up a VM on someone else's VLAN.

Thanks,

Cayce