Lab 17: User Permissions

In this lab, I am going to discuss how to manage a custom user role in the VMware vSphere Environment.

A user is an individual authorised to log in to an ESXi host and vCenter Server. User permissions are set up based on the user's role and the limits on the user's activity in the system. You can manage local users separately for vCenter and the ESXi hosts, or you can manage users through AD via SSO for both vCenter and the ESXi hosts.

A role is a set of privileges that allows users to perform their tasks in the system. You can set the role as group categories. A role can be a system role, a custom role or a sample role.

The task list for Lab 17:

  • Create a Custom Role in vCenter Server
  • Assign Permission on a vCenter Server Inventory Objects
  • Verify Permission Usability

Prerequisites:

  • Log in to the VMware vSphere Web Client portal (https://vCenter Server Appliance Name.domainname:9443/vsphere-client/#) or the VMware vSphere Client as the root user with its password.

Steps for the task: Create a Custom Role in vCenter Server

In the VMware vSphere Web Client environment, you can create custom roles through the role editing facilities. The role must be set up as per the user's requirements.

Step 1: Go to Home -> Administration -> Roles

Step 2: Click on the “Create role” action.

Step 3: You need to set up the role in the “Create Role” wizard.

Role name: Type an appropriate name. My role name is VM Creator-Momataj as per VMware Lab guide.

Step 4: Now go to the Privilege panel and set the following privileges for this custom role.

Datastore: Allocate Space

Network: Assign Network

Resources: Assign Virtual Machine to a resource pool

Virtual Machine -> Configuration: Select add new disk, add or remove device and Memory

Virtual Machine -> Interaction: Select all privileges and all subcategories of Interaction

Virtual Machine -> Inventory: Select Create New.

Steps for the task: Assign Permissions on vCenter Server Inventory Objects

Users are assigned roles on an object; a permission is the pairing of a user with an access role on that object.

Step 1: Select Home -> vCenter -> VMs and Templates

Step 2: Select LabVMs, go to Manage -> Permission and click on the (+) icon

Step 3: The Assign permission wizard appears. Click “Add”.

Step 4: Now you will get the “Select Users\Groups” wizard. Select your domain name from the Domain panel drop-down. Select the user to whom you want to grant the role that you created in the previous task.

Step 6: Click the VM Creator-Your name role [in my case: VM Creator-Momataj] in the Assigned Role panel. Click Propagate to children. Then “OK”.

Step 7: Now go to Home -> vCenter -> Datastores

Select the Datastore -> Manage -> Permission tab and set the permission as I showed in the screenshot and previous steps.

Step 8: Select Home -> vCenter -> Standard Networks

Select Production Network and set the permission from the Manage -> Permission tab, as I showed in the screenshot.

Steps for the task: Verify the Permission Usability

In this section, I will show that the user “vesxi01user”, who was granted the permission, can perform operations based on the rights that are set by the role.

Step 1: Log in as a domain user. I logged in to the VMware vSphere Web Client as “vesxi01user.momataj.local”

Step 2: Home -> vCenter -> VMs and Templates

Step 3: Right-click on the “Lab VMs” and create a new Virtual Machine

Step 4: Select a Host. You can see that the user “vesxi01user” is able to perform tasks as per the role and privileges.
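
To complement the manual check above, the following added example (not part of the original lab or the VMware lab guide) audits an exported role and permission list against the privileges and objects used in this lab, flagging extra privileges and grants outside the lab's three objects. The privilege IDs are the vSphere identifiers for the checkboxes selected earlier; the export format, the datastore name and the sample data are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Privilege IDs for the checkboxes selected in Step 4 of the first task.
# The Interaction group is a wildcard: any member satisfies it, because the
# full member list depends on the vSphere version.
EXPECTED = {
    "Datastore.AllocateSpace",
    "Network.Assign",
    "Resource.AssignVMToPool",
    "VirtualMachine.Config.AddNewDisk",
    "VirtualMachine.Config.AddRemoveDevice",
    "VirtualMachine.Config.Memory",
    "VirtualMachine.Inventory.Create",
    "VirtualMachine.Interact.*",
}
# Objects that receive the permission in the lab; the datastore name is a placeholder.
SCOPE = {"LabVMs", "Datastore-Example", "Production Network"}


def audit_role(privileges):
    """Return (missing, excess) privilege IDs relative to EXPECTED."""
    privileges = set(privileges)
    excess = {p for p in privileges
              if not any(fnmatchcase(p, pat) for pat in EXPECTED)}
    missing = {pat for pat in EXPECTED
               if not any(fnmatchcase(p, pat) for p in privileges)}
    return missing, excess


def audit_permissions(permissions, role, principal):
    """Return (scope objects lacking the grant, grants of the role outside scope or to others)."""
    granted = {p["entity"] for p in permissions
               if p["role"] == role and p["principal"] == principal}
    stray = [p for p in permissions if p["role"] == role
             and (p["entity"] not in SCOPE or p["principal"] != principal)]
    return SCOPE - granted, stray


# Constructed sample export: one extra privilege and one stray grant above the lab folder.
ROLE_PRIVS = sorted((EXPECTED - {"VirtualMachine.Interact.*"}) | {
    "VirtualMachine.Interact.PowerOn", "VirtualMachine.Interact.ConsoleInteract",
    "VirtualMachine.Inventory.Delete"})
PERMS = [
    {"entity": "LabVMs", "principal": "vesxi01user", "role": "VM Creator-Momataj"},
    {"entity": "Production Network", "principal": "vesxi01user", "role": "VM Creator-Momataj"},
    {"entity": "Datacenters", "principal": "vesxi01user", "role": "VM Creator-Momataj"},
]
```

On the sample data, `audit_role(ROLE_PRIVS)` reports the delete privilege as excess, and `audit_permissions(PERMS, "VM Creator-Momataj", "vesxi01user")` reports the missing datastore grant and the stray grant on "Datacenters".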

Thank you 🙂
