VMware 4817V62 - vSphere - PC Administration Manual page 220

vSphere Basic System Administration
Permission Validation
vCenter Server regularly validates its users and groups against the Windows Active Directory domain.
Validation occurs whenever the vCenter Server system starts and at regular intervals specified in the vCenter
Server settings.
For example, if user Smith was assigned permissions and in the domain the user's name was changed to Smith2,
vCenter Server concludes that Smith no longer exists and removes permissions for that user when the next
validation occurs.
Similarly, if user Smith is removed from the domain, all permissions are removed when the next validation
occurs. If a new user Smith is added to the domain before the next validation occurs, the new user Smith
receives all the permissions the old user Smith was assigned.
Assign Permissions
After you create users and groups and define roles, you must assign the users and groups and their roles to
the relevant inventory objects. You can assign the same permissions at one time on multiple objects by moving
the objects to a folder and setting the permissions on the folder.
Prerequisites
Required privilege: Permissions.Modify permission on the parent object of the object whose permissions you
want to modify.
Procedure
1 Select an object and click the Permissions tab.
2 Right-click the Permissions tab and select Add Permission.
3 Select a role from the Assigned Role drop-down menu.
This menu displays all the roles that are assigned to the object. When the role appears, the privileges
contained in the role are listed in the section below the role title for reference purposes.
4 (Optional) Deselect the Propagate to Child Objects check box.
If you deselect this check box, the role is applied only to the selected object, and does not propagate to the
child objects.
5 Click Add to open the Select Users or Groups dialog box.
6 Identify the user or group to assign to this role.
a Select the domain where the user or group is located from the Domain drop-down menu.
b Type a name in the Search box or select a name from the Name list.
c Click Add.
The name is added to either the Users or Groups list.
d Repeat Step 6a
e Click OK when finished.
7 Verify the users and groups are assigned to the appropriate permissions, and click OK.
8 To finish the task, click OK.
The server adds the permission to the list of permissions for the object.
The list of permissions references all users and groups that have roles assigned to the object, and indicates
where in the vCenter Server hierarchy the role is assigned.
220
through Step 6c to add additional users or groups.
VMware, Inc.