Adding permissions to a standalone ESXi server

February 8, 2011 · by · in ESXi, Security

Allowing everyone to log in to an ESXi host as the root user can be dangerous.  Instead, I’ll be creating new roles that allow people perform the tasks dictated by their job requirements and no more.  We’re all human and we all make mistakes so I’d rather remove the ability for a regular helpdesk user to accidentally delete a VM or a datastore, or power down a host by mistake.

The first step is to create a new role and assign privileges:

1. Log in to the vSphere Client, click Home and then click Roles

2. Right-click in the Roles list and choose Add…

3. Enter a name for the new role and select the privileges required

4. Click OK

Add_Permissions_New_Role

 

Next I need will create a new local user:

1. Select the Local Users and Groups tab

2. Right-click in the user list and choose Add…

3. Enter a login name, Username and password then click OK

Add_Permissions_New_User

 

Now to create a local group:

1. Select the Local Users and Groups tab

2. Right-click in the groups list and choose Add…

3. Enter a name for the group and add the new user

4. Click OK

Add_Permissions_New_Group

 

Finally, I can assign the permissions to the new group:

1. Right-click on the host and choose Add Permission…

2. Click Add… to locate the new group and add it to the list.  From the drop-down list of roles, choose the new role

3. Click OK

Add_Permissions_Assign

[BlogBookmark] [Blogsvine] [del.icio.us] [Digg] [Facebook] [Furl] [Google] [LinkedIn] [MySpace] [Reddit] [Slashdot] [StumbleUpon] [Twitter] [Windows Live] [Yahoo!] [Email]
Tags: , , , ,