The security chap has asked me to investigate if the service account for View can have anything less than Administrator permissions at the root of the vCenter hierarchy.
Has anyone tried reducing the rights of the service account successfully?
We will have dedicated hosts (in a dedicated cluster) for VDI so is it just a case of:
1. Giving the account admin permissions at the level of the Inventory folder (VMs and Templates view) where the VMs will go
2. Giving the account admin permissions at the VDI cluster level
?
We are not using Composer, so that simplifies things a bit.
I'm going to give this a try today but would be interested if anyone else has done something similar.
Thanks
Chris
That link contains the needed permissions to make up your own role. You can try removing/adding and see how minimal you can make it before things break.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
On page 37 of , , it says you can assign the View Administrator administrator permissions at the Datacenter or Cluster level where the pools will be created. According to that you should be fine with trying it.
Indeed, I have made the changes I mentioned and everything's still working ok.
However, I suspect that the security chap is still going to ask if the Admin role is needed and whether a more restricted role can be created in this instance. So I guess I'll be delving into the different permissions available to make up a role just for the View service account!