Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Using the command line to add permissions directly on the ESX host (1006853)

Purpose

From the ESX host console there are options to add permissions to an already existing user on the ESX host.
 
It is possible to manage the permissions using the command line options for VIM shell.

Resolution

To add permissions to the ESX host from the command line:

  1. Connect to the ESX host via direct console access, a remote KVM, or with a SSH client. For more information, see Connecting to an ESX host using a SSH client (1019852).
  2. Run this command on the ESX host console:

    vmware-vim-cmd vimsvc/auth/entity_permission_add managed_entity user isGroup roleName propagate

    managed_entity: Entity (Managed Object) on which the permission to be granted
    user: User name (user should be present on the host)
    isGroup: true if the value for 'user' parameter is a group object else false
    roleName: Role name for which the permission is granted (Preferably one of NoAccess, ReadOnly, Admin)
    propagate: true if the permissions need to be propagated else false

    Possible options for managed_entity
    vim.Folder:ha-folder-vm – All virtual machines
    vim.Folder:ha-folder-root – Host/virtual machine
    vim.Folder:ha-folder-host – Host

    Additionally, particular virtual machines can be used and the managed_entity parameter is this syntax:

    vim.VirtualMachine:XXX Where XXX is the object ID for the virtual machine.


    This is an example for adding ReadOnly permission for test user test1234 at the highest level on the ESX host and set to propagate:

    vmware-vim-cmd vimsvc/auth/entity_permission_add vim.Folder:ha-folder-root 'test1234' false ReadOnly true

  3. To remove the permissions, run:

    vmware-vim-cmd
    vimsvc/auth/entity_permission_remove managed_entity user isGroup

    For example:

    vmware-vim-cmd vimsvc/auth/entity_permission_remove vim.Folder:ha-folder-root 'test1234' false

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 3 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 3 Ratings
Actions
KB: