Hi All,
I can't seem to find a way of doing this and it may turn out not to be possible. But I have some ops guys with vSphere client access to our vSphere 5.5 environment and some of them like to tinker with PowerCLI which we would like to restrict.
Reason being they have the ability to cause some serious damage if the wrong script is executed, I do trust my guys but it not a matter of trust its a matter of defined access control. They do need the level of access they have now to administer the environment but the ability to make mass changes via a script need to go through an approval process. We just had a script run to unmount all ISO/CDROMS for all VM's and due to the nature of how Linux OS locks the media it crashed the server.
So what I'm asking is there anyway to allow vSphere access but deny or restrict access to run commands via any other means like PowerCLI ?