In this lab, I am going to discuss how to manage a custom user role in the VMware vSphere Environment.
A user is an individual authorised to log in to an ESXi host and vCenter Server. User permissions are set up based on the user's role and the activity limits on the system. You can manage local users separately for vCenter and the ESXi hosts, or you can manage users from AD through SSO for both vCenter and the ESXi hosts.
A role is a set of privileges that allows users to perform their tasks in the system. Roles fall into three categories: system roles, custom roles and sample roles.
The tasks list for lab 17:
- Create a Custom Role in vCenter Server
- Assign Permission on a vCenter Server Inventory Objects
- Verify Permission Usability
- Log in to the VMware vSphere Web Client portal: https://vCenter Server Appliance Name.domainname:9443/vsphere-client/# or the VMware vSphere Client with the root user and password.
Steps for the task: Create a Custom Role in vCenter Server
In the VMware vSphere Web Client environment, you can create custom roles through the role editing facilities. The role must be set up as per the user's requirements.
Step 1: Go to the Home -> Administration -> Roles
Step 2: Click the “Create role” action.
Step 3: Set up the role in the “Create Role” wizard.
Role name: Type an appropriate name. My role name is VM Creator-Momataj, as per the VMware lab guide.
Step 4: Now go to the Privilege panel and set the following privileges for this custom role.
Datastore: Allocate Space
Network: Assign Network
Resources: Assign Virtual Machine to a resource pool
Virtual Machine -> Configuration: Select Add new disk, Add or remove device and Memory
Virtual Machine -> Interaction: Select all privileges, including every subcategory of Interaction
Virtual Machine -> Inventory: Select Create New
Steps for the task: Assign Permissions on vCenter Server Inventory Objects
A permission assigns a role to a user on a specific inventory object; together, the user and the role define what that user can do on the object.
Step 1: Select Home -> vCenter -> VMs and Templates
Step 2: Select LabVMs, go to Manage -> Permission and click the (+) icon
Step 3: The Assign permission wizard appears. Click “Add”
Step 4: Now you will get the “Select Users\Groups” wizard. Select your domain name from the Domain panel drop-down. Select the user who should receive the role that you created in the previous task.
Step 6: Click the VM Creator-Your name role [in my case: VM Creator-Momataj] in the Assigned Role panel. Select Propagate to children, then click “OK”.
Step 7: Now go to the Home -> vCenter -> Datastores
Select the Datastore -> Manage -> Permission tab and set the same permission as shown in the screenshot and the previous steps.
Step 8: Select Home -> vCenter -> Standard Networks
Select Production Network and set the same permission from the Manage -> Permission tab, as shown in the screenshot.
Steps for the task: Verify the Permission Usability
In this section, I will show that the user “vesxi01user”, who was granted the permission, can perform operations according to the privileges set in the role.
Step 1: Log in as a domain user. I logged in to the VMware vSphere Web Client as “vesxi01user.momataj.local”
Step 2: Home -> vCenter -> VMs and Templates
Step 3: Right-click on “Lab VMs” and create a new virtual machine
Step 4: Select a host. You can see that the user “vesxi01user” is able to perform tasks as per the role and its privileges.
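A complementary check to the UI test above, as an added example that is not part of the original lab: it compares a role's exported privileges and bindings with the privilege list from Step 4 and the three object types the role is assigned on. The export format, the API privilege IDs mapped from the UI labels, and the names ending in `-placeholder` are assumptions.

```python
from fnmatch import fnmatchcase

# Step 4 privileges as vSphere API privilege IDs; the mapping from the UI
# labels is this example's assumption. "*" covers every Interaction item.
BASELINE = (
    "Datastore.AllocateSpace", "Network.Assign", "Resource.AssignVMToPool",
    "VirtualMachine.Config.AddNewDisk", "VirtualMachine.Config.AddRemoveDevice",
    "VirtualMachine.Config.Memory", "VirtualMachine.Interact.*",
    "VirtualMachine.Inventory.Create",
)
# Object types the lab assigns the role on: VM folder, datastore, network.
EXPECTED_SCOPES = {"Folder", "Datastore", "Network"}
# Privileges vCenter includes in every role; the audit ignores them.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}

def audit_role(role_name, granted, permissions):
    """Report privilege drift and unexpected scope for one custom role."""
    granted = set(granted) - IMPLICIT
    extra = sorted(p for p in granted
                   if not any(fnmatchcase(p, pat) for pat in BASELINE))
    missing = sorted(pat for pat in BASELINE
                     if not any(fnmatchcase(p, pat) for p in granted))
    # Flag bindings outside the three lab object types, or without the
    # "Propagate to children" setting the lab enables.
    scope = sorted(
        f"{perm['principal']} on {perm['entity_type']}:{perm['entity']}"
        for perm in permissions
        if perm["role"] == role_name
        and (perm["entity_type"] not in EXPECTED_SCOPES or not perm["propagate"])
    )
    return {"extra": extra, "missing": missing, "scope": scope}

# Constructed sample export (hypothetical format); entity names ending in
# "-placeholder" are not from the lab.
ROLE = "VM Creator-Momataj"
SAMPLE_GRANTED = sorted(IMPLICIT) + [
    "Datastore.AllocateSpace", "Network.Assign", "Resource.AssignVMToPool",
    "VirtualMachine.Config.AddNewDisk", "VirtualMachine.Config.AddRemoveDevice",
    "VirtualMachine.Interact.PowerOn", "VirtualMachine.Interact.PowerOff",
    "VirtualMachine.Inventory.Create", "VirtualMachine.Inventory.Delete",
]
SAMPLE_PERMISSIONS = [
    dict(principal="vesxi01user", role=ROLE, entity_type=t, entity=e, propagate=True)
    for t, e in [("Folder", "LabVMs"), ("Datastore", "datastore-placeholder"),
                 ("Network", "Production Network"), ("Datacenter", "dc-placeholder")]
]

if __name__ == "__main__":
    for finding, items in audit_role(ROLE, SAMPLE_GRANTED, SAMPLE_PERMISSIONS).items():
        print(f"{finding}: {items}")
```

An empty result in all three lists means the role matches the lab's privilege set and is bound only where the walkthrough assigns it.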
Thank you 🙂