Create A Role - VMware 4817V62 - vSphere - PC Administration Manual

Table 18-1. Default Roles (Continued)
Role
Virtual Machine User
Resource Pool
Administrator
VMware Consolidated
Backup User
Datastore Consumer
Network Consumer

Create a Role

VMware recommends that you create roles to suit the access control needs of your environment.
If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the
changes you make are propagated to all other vCenter Server systems in the group. Assignments of roles to
specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
You must be logged in as a user with Administrator privileges.
VMware, Inc.
Role Type Description of User Capabilities
sample A set of privileges to allow the user to interact with a virtual machine's
console, insert media, and perform power operations. Does not grant
privileges to make virtual hardware changes to the virtual machine.
Privileges granted include:
All privileges for the scheduled tasks privileges group.
n
Selected privileges for the global items and virtual machine
n
privileges groups.
No privileges for the folder, datacenter, datastore, network, host,
n
resource, alarms, sessions, performance, and permissions privileges
groups.
Usually granted on a folder that contains virtual machines or on
individual virtual machines.
This role is available only on vCenter Server.
sample A set of privileges to allow the user to create child resource pools and
modify the configuration of the children, but not to modify the resource
configuration of the pool or cluster on which the role was granted. Also
allows the user to grant permissions to child resource pools, and assign
virtual machines to the parent or child resource pools.
Privileges granted include:
All privileges for folder, virtual machine, alarms, and scheduled
n
task privileges groups.
Selected privileges for resource and permissions privileges groups.
n
No privileges for datacenter, network, host, sessions, or
n
performance privileges groups.
Additional privileges must be granted on virtual machines and
datastores to allow provisioning of new virtual machines.
Usually granted on a cluster or resource pool.
This role is available only on vCenter Server.
sample This role is designed for use by the VMware Consolidated Backup
product and should not be modified.
This role is available only on vCenter Server.
sample A set of privileges to allow the user to consume space on the datastores
on which this role is granted. To perform a space-consuming operation,
such as creating a virtual disk or taking a snapshot, the user must also
have the appropriate virtual machine privileges granted for these
operations.
Usually granted on a datastore or a folder of datastores.
This role is available only on vCenter Server.
sample A set of privileges to allow the user to assign virtual machines or hosts
to networks, provided that the appropriate permissions for the
assignment are also granted on the virtual machines or hosts.
Usually granted on a network or folder of networks.
This role is available only on vCenter Server.
Chapter 18 Managing Users, Groups, Roles, and Permissions
213