Creating and assigning a role with privileges to create and manage virtual machine to a Domain or Local User/Group
book
Article ID: 316586
calendar_today
Updated On:
Products
VMware vCenter Server
Issue/Introduction
This article provides steps to create and assign a role with privileges to create and manage virtual machine to a Domain or Local User/Group.
Environment
VMware vCenter Server 5.5.x
VMware vCenter Server 6.0.x
VMware vCenter Server 6.7.x
VMware vCenter Server 7.0.x
VMware vCenter Server 6.5.x
Resolution
To create a role and assign the necessary privileges:
-
Open a vSphere Client connection to the vCenter Server.
-
Click Home > Administration > Roles > Add Role.
-
Give the new role a name, then select these Privileges:
- Datastore
- Allocate space
- Browse datastore
- Global
- Network
- Resource
- Assign virtual machine to resource pool
- Scheduled task
- Create tasks
- Modify task
- Remove task
- Run task
- Virtual machine
- Change Configuration
- Acquire disk lease
- Add existing disk
- Add new disk
- Add or remove device
- Advanced configuration
- Change CPU count
- Change Memory
- Change Settings
- Change resource
- Modify device settings
- Remove disk
- Rename
- Reset guest information
- Upgrade virtual machine compatibility
- Edit Inventory
- Create from existing
- Create new
- Move
- Register
- Remove
- Unregister
- Interaction
- Answer question
- Configure CD media
- Configure floppy media
- Connect devices
- Console interaction
- Guest operating system management by VIX API
- Install VMware Tools
- Power off
- Power on
- Reset Suspend
- Snapshot management
- Create snapshot
- Remove snapshot
- Rename snapshot
- Revert to snapshot
-
Add the permission at the highest level and set to propagate the permissions.
Alternatively, set specific levels within vCenter Server:
-
Click the Inventory object, then click the Permissions tab.
-
Click on the plus (+) sign to Add Permissions.
-
Under User, select the domain the user is located in
Note: Leaving the Domain entry as (server) shows the vCenter Server's local Windows accounts.
- Find the user and assigned the newly created Role
-
Deselect Propagate to Child Objects.
Feedback
thumb_up
Yes
thumb_down
No