The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Modifying roles and permissions for vCenter Operations Manager (2018670)
Note that there are two caveats that can be commonly encountered:
- For a user to log in to the vSphere web UI using this authentication method, it requires the account to have the vCenter Operations permission on all vCenter Servers attached to vCenter Operations Manager in the admin UI.
- You cannot have the exact same login/username in the vSphere UI (vCenter Authentication) and the custom UI (LDAP based). The login for the vSphere UI is exactly how it is presented to a vSphere Client, but the custom UI can use any LDAP value. Therefore if a user is added to both vSphere and custom, they need to remember the unique credentials for each site.
- vCenter Operations Manager must be registered to the vCenter Server in question, and you must have sufficient privileges to clone or modify an existing role.
- When vCenter Operations Manager is registered to a vCenter, it adds some new permissions for a role to take.
To grant permissions to a "Read Only" Role:
- Login to the vSphere Client, as an Administrator.
- From the Home page, select the Roles option.
- Right-click the Read-Only role, and choose Clone.
- Give the new role an appropriate name, like Read-Only+vCOps.
- Right-click the newly named role (in our example, Read-Only+vCOps), and choose Edit Role.
- Expand the Global privilege.
- Select either the vCenter Operations Manager User or vCenter Operations Manager Admin privilege.
- Click OK.
Now the role is created, and you can assign the role to a user against the vCenter Server which has been registered to vCenter Operations. When the role has been assigned, you can access the vCenter Operations web interface using vSphere Client credentials.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.