Hi
Which ESXi version are you using?
As described here: vSphere 5.1 - Full Admin Support for Named User Accounts | VMware vSphere Blog - VMware Blogs
You can assign full administration rights to named users with vSphere 5.1+
Versions of ESXi prior to 5.1 only allow for a single administrative account on the host, and this was of course the “root” user.
While it is possible to create named user accounts and to use these accounts to logon to the ESXi Shell and perform many operations, these users are not granted full administrative rights on the host.
As such these named users often need to “su” to root in order to perform privileged operations such as viewing logs, creating a log bundle for support, or running commands like esxtop or vmkfstools.
This presents some challenges in terms of both security and auditing.
With vSphere 5.1 there is no longer a dependency on a shared root account.
ESXi 5.1 now allows assigning full administration rights to named users.
With this, users can now logon to the ESXi shell using individual accounts without the need to “su” to root, and because there is no longer a dependency on a shared root account all actions performed on the host are logged under the named user rather than the shared “root” account.
Thus helping to better secure the host while at the same time improve logging and auditing.
The ability to assign full admin rights to named users helps improve host security and allows you to limit access to the root account.
See also this blog post: Grant shell access to this user? No worries mate! | VMware vSphere Blog - VMware Blogs
Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
