VMware Virtualcenter roles and permissions are one of the most commonly misunderstood aspects of Virtual Infrastructure 3. We constantly receive calls into tech support asking how-to assign the appropriate rights to users and their virtual machines, clusters, etc.
A new article I saw on VIOPS today that helps one understand some of the basic premises of permissions and roles. Sometimes a good overview like this one, written from thirty-thousand feet, helps one solidify VMware’s security model in one’s mind. The article is broken down into major sections:
- Datastores and Networks have no direct privileges
- VMs inherit privileges from two sources
- Clusters and Hosts implicitly are resource pool
- Privileges Needed to Create a Virtual Machine
- Privileges Needed for various Inventory Manipulations
Anything to help understand VMware’s roles and permissions is a good thing. Read VI3 Roles and Permissions
Concepts behind this are explained in the paper Management VirtualCenter Roles and Permissions.