vCenter

 View Only
  • 1.  Setting administrator permissions on a Cluster

    Posted Oct 07, 2011 09:54 AM

    Hi,

    Does anybody know if it is possible to grant a user full administrator permissions on a cluster without comprimising VMs outside this cluster?

    At 1st i thought it would be a case of granting the user administrator rights on the cluster but the user soon found out that certain functions were restricted i.e changing network label on VM and datastore interaction.

    So I decided to make the user an administrator of the datacenter and restrict access to the clusters I didn't want them accessing. This looked fine but unfrotunately if the user goes VM & templates they have full access to all VMs.

    For VMs it seems the administrator permission in the datacenter overrides the no access permission on the other clusters.

    Scenario

    Hosts & Clusters Permissions

    Datacenter----- User (administrator)

      Cluster1----- User (administrator)

      Cluster2----- User (No Access)

      Cluster3----- User (No Access)

    VM & Templates permissions

    Datacenter----- User (administrator)

      VM in Cluster1----- User (administrator)

      VM in CLuster2----- User (administrator & No Access)

      VM in Cluster3----- User (administrator & No Access)

    Any help much appreciated.

    Cheers

    Stuart



  • 2.  RE: Setting administrator permissions on a Cluster

    Posted Oct 07, 2011 01:22 PM

    you need to remove the users from the administrator role at the datacenter level, otherwise those permissions just funnel down.  If you only want permissions on certain clusters, set them at the cluster level.



  • 3.  RE: Setting administrator permissions on a Cluster

    Posted Oct 08, 2011 05:56 PM

    I had similiar issue, had to delegate cluster to other administrator.

    After delegation only on cluster level, he couldn`t create new VM, some permissions on datacenter level were needed.

    So i created a separete datacenter with cluster in it and delegated admnistrators rights.

    I think it`s good decision because distributed swiches are created on datacenter level.