VMware Horizon Community
Chris_S_UK
Expert
Expert
‎11-05-2009 12:24 AM
Jump to solution

View service account - permissions in vCenter

The security chap has asked me to investigate if the service account for View can have anything less than Administrator permissions at the root of the vCenter heirarchy.

Has anyone tried reducing the rights of the service account successfully?

We will have dedicated hosts (in a dedicated cluster) for VDI so is it just a case of:

1. Giving the account admin permissions at the level of the Inventory folder (VMs and Templates view) where the VMs will go

2. Giving the accoun admin permissions at the VDI cluster level

?

We are not using Composer, so that simplifies things a bit.

I'm going to give this a try today but would be interested if anyone else has done something similar.

Thanks

Chris

0 Kudos
1 Solution

Accepted Solutions
mittim12
Immortal
Immortal
‎11-05-2009 06:15 AM
Jump to solution

That link contains the needed permissons to make up your own role. You can try removing/adding and see how minimnal you can make it before things break.

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

View solution in original post

0 Kudos
3 Replies
mittim12
Immortal
Immortal
‎11-05-2009 06:11 AM
Jump to solution

On page 37 of , , it says you can assign the View Administrator administrator permissons at the Datacenter or Cluster level where the pools will be created. According to that you should be fine with trying it.

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Chris_S_UK
Expert
Expert
‎11-05-2009 06:14 AM
Jump to solution

Indeed, I have made the changes I mentioned and everything's still working ok.

However, I suspect that the security chap is still going to ask if the Admin role is needed and whether a more restricted role can be created in this instance. So I guess I'll be delving into the different permissions available to make up a role just for the View service account!

0 Kudos
mittim12
Immortal
Immortal
‎11-05-2009 06:15 AM
Jump to solution

That link contains the needed permissons to make up your own role. You can try removing/adding and see how minimnal you can make it before things break.

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

0 Kudos