VMware vSphere

Hi everyone,

I have an ESXi 6.5 that hosts several servers. I need to create a user that has the grant to view only a single Virtual Machine and do nothing else.

The steps I have done are:

• I have firstly created the user;
• I have created a role "Virtual Machine"
• Right click on the VM, then granted this permission to the user;

But when I try to login with that user, I have this error:

     Connection to ESXi host timed out

If instead I give the same permission at the Host level, it logs in but I see all the VMs.

How can achive this objective?

Thank you.

Hi,

can you describe what permissions you selected for your newly created role?

Then

When I try to log in with the user, I get the error.

Hi,

permissions in vSphere/ vCenter can be complex. As already mentioned, you need at also privileges on the parent object. Depending on your view this can be the host or a folder.

You might check this part of the vSphere documentation for a better understanding: Hierarchical Inheritance of Permissions.​ I recommend to create a new folder in the VM view, add your role to this folder, and then drag your VM into this folder.

I am using VMWare ESXi...I don't think I am able to create Folders (or at least I cannot find how to do it).

Ah, okay. I've missed that you don't have a vCenter. Have you checked this part of the ESXi Docs? Managing Permissions in the VMware Host Client

Exactly as I mentioned above, you need vCenter Server to use folders - so in your case the host is the only parent object of your VM.

Ok thank you. So I understand now that ESXi has limited functionality without vCenter Server...

You need some level of access at the parent object, which in your case is the host - that's why you're seeing those 2 behaviours.

You would need vCenter Server managing your host to achieve what you want, as then you can create folders as parent objects.