Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Modifying roles and permissions for vCenter Operations Manager (2018670)

Purpose

This article is intended to inform you of how to modify roles and permissions to vCenter Operations Manager, using a vCenter Server Role. For more detailed information, refer to the VMware vCenter Operations Manager Documentation site.

Note that there are two caveats that can be commonly encountered:
  1. For a user to log in to the vSphere web UI using this authentication method, it requires the account to have the vCenter Operations permission on all vCenter Servers attached to vCenter Operations Manager in the admin UI.

  2. You cannot have the exact same login/username in the vSphere UI (vCenter Authentication) and the custom UI (LDAP based). The login for the vSphere UI is exactly how it is presented to a vSphere Client, but the custom UI can use any LDAP value. Therefore if a user is added to both vSphere and custom, they need to remember the unique credentials for each site.

Resolution

Prerequisite

  • vCenter Operations Manager must be registered to the vCenter Server in question, and you must have sufficient privileges to clone or modify an existing role.
  • When vCenter Operations Manager is registered to a vCenter, it adds some new permissions for a role to take.
Permissions

To grant permissions to a "Read Only" Role:

  1. Login to the vSphere Client, as an Administrator.
  2. From the Home page, select the Roles option.
  3. Right-click the Read-Only role, and choose Clone.
  4. Give the new role an appropriate name, like Read-Only+vCOps.
  5. Right-click the newly named role (in our example, Read-Only+vCOps), and choose Edit Role.
  6. Expand the Global privilege.
  7. Select either the vCenter Operations Manager User or vCenter Operations Manager Admin privilege.
  8. Click OK.
Now the role is created, and you can assign the role to a user against the vCenter Server which has been registered to vCenter Operations. When the role has been assigned, you can access the vCenter Operations web interface using vSphere Client credentials.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 6 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 6 Ratings
Actions
KB: