VMware Cloud Community
shaavina
Contributor
Contributor
‎02-27-2020 03:25 AM
Jump to solution

Is it possible to create a role in vcenter, which has the ability to grant console access permission on vm's ?

Is it possible to create a role in vCenter, which has the ability to grant console access permission on vm's ? i.e. the user which is assigned this role should be able to grant console access to any vm in a folder.

vCenter version - 6.5

Tags (2)
1 Solution

Accepted Solutions
scott28tt
VMware Employee
VMware Employee
‎02-27-2020 03:31 AM
Jump to solution

I don't think vSphere has that level of granularity.

I think I'm right in saying that you can define that someone can assign permissions to an object, or a group of objects, but not define what those permissions will actually be.

So you can define that a user has the ability to assign permissions on a folder of VMs, but not define they can only assign the remote console permission.

Reference: Defined Privileges


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

View solution in original post

4 Replies
scott28tt
VMware Employee
VMware Employee
‎02-27-2020 03:31 AM
Jump to solution

I don't think vSphere has that level of granularity.

I think I'm right in saying that you can define that someone can assign permissions to an object, or a group of objects, but not define what those permissions will actually be.

So you can define that a user has the ability to assign permissions on a folder of VMs, but not define they can only assign the remote console permission.

Reference: Defined Privileges


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
asajm
Expert
Expert
‎02-27-2020 03:43 AM
Jump to solution

Hi shaavina

Administration >>> Global Permissions >>> add user and assgin the role below

Virtual Machine Console user role.png

If you think your queries have been answered
Marking this response as "Solution " or "Kudo"
ASAJM
0 Kudos
scott28tt
VMware Employee
VMware Employee
‎02-27-2020 04:50 AM
Jump to solution

That's how you assign a user to access the console, rather than how you assign one user the ability to assign other users that role (which is any interpretation of the question being asked)


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos
shaavina
Contributor
Contributor
‎02-27-2020 05:03 AM
Jump to solution

Thanks, looks like not possible. I also had a ticket with VMware on this, the engineer assigned to the ticket also had no clue if such granular permission assignment on a role was possible or not.

0 Kudos