Custom roles in vCenter Server can be created via the vSphere Web Client or vSphere Client. They let you customize users' permissions to fit the non-standard requirements of your organization. Through this process, you can grant limited permissions to specific users, with detailed control over what operations they can perform.
Here are step-by-step instructions for creating custom roles in vCenter, according to VMware's guidance:
Step 1: Log in to the vCenter Server with the vSphere Web Client or vSphere Client.
Step 2: Navigate to Administration -> Roles within vCenter Server.
Step 3: Click on the “Create role action (+)”.
Step 4: Enter a “Name” for the custom role.
Step 5: In the privileges section, expand each category and select the required privileges for the user. You can find detailed information on each privilege in the “vSphere Security” document provided by VMware.
Step 6: Once all privileges are selected, click “OK”.
Step 7: After creating the custom role, assign it to a user or group at the required inventory level.
Please remember that the vCenter Server system's predefined roles (such as Administrator, Read-Only, and No Access) cannot be changed. Create a custom role when none of the system roles meets your needs.
Here are some examples of custom roles that you might create:
- A role for junior administrators that permits them to manage virtual machines, but not the vCenter Server system or ESXi hosts.
- A role for data protection operations that permits solutions to take snapshots for replication purposes but does not permit them to delete the original objects.
- A role for application admins who can start and stop their application’s VMs but not delete them.
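The steps above, applied to the last example role (application admins who can start and stop VMs but not delete them), as an added PowerCLI example that is not from VMware's guide or the original page. The server, role, folder and group names are placeholders, and the privilege IDs should be confirmed against the “vSphere Security” document for your version.

```powershell
# Added example: create, verify and assign a power-operations-only role.
# Placeholders (assumptions): server, role name, VM folder, AD group.
Import-Module VMware.VimAutomation.Core
$ErrorActionPreference = 'Stop'

Connect-VIServer -Server 'vcenter.example.local' | Out-Null  # prompts for credentials

# Privileges the role should carry (Step 5).
$wantedIds = @(
    'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Interact.PowerOff',
    'VirtualMachine.Interact.Reset'
)
# Privileges the role must never carry.
$forbiddenIds = @('VirtualMachine.Inventory.Delete')

# Resolve the IDs first so a typo fails here instead of producing a partial role.
$privileges = @(Get-VIPrivilege -Id $wantedIds)
if ($privileges.Count -ne $wantedIds.Count) {
    throw 'One or more privilege IDs were not found on this vCenter Server.'
}

# Steps 3-6: create the role with exactly those privileges.
$role = New-VIRole -Name 'App-VM-PowerOps' -Privilege $privileges

# Check what was actually granted before assigning the role to anyone.
$granted = (Get-VIRole -Name $role.Name).PrivilegeList
$leaked  = @($granted | Where-Object { $forbiddenIds -contains $_ })
if ($leaked.Count -gt 0) {
    throw "Role '$($role.Name)' contains forbidden privileges: $($leaked -join ', ')"
}
# System.* privileges are added to every role by vCenter; list anything else unexpected.
$extra = @($granted | Where-Object { $wantedIds -notcontains $_ -and $_ -notlike 'System.*' })
if ($extra.Count -gt 0) {
    Write-Warning "Unexpected privileges on role: $($extra -join ', ')"
}

# Step 7: assign the role to a group at the narrowest inventory level that works,
# here the folder holding the application's VMs rather than the datacenter root.
$folder = Get-Folder -Name 'AppX-VMs' -Type VM
New-VIPermission -Entity $folder -Principal 'EXAMPLE\appx-admins' -Role $role -Propagate $true

Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false
```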
For more information and details, refer to VMware's official documentation, such as vSphere Security – Configuring Security Role Privileges in vCenter Server (https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-18071E9A-E34C-4B42-B4B6-7E0A74F85CE9.html) and vSphere Security – ESX Roles and Permissions (https://docs.vmware.com/en/VMware-vSphere/6.0/vsphere-esxi-vcenter-server-601-vc-server-guide.pdf).
Furthermore, it is a recommended best practice to test roles and permissions in a non-production environment to verify they function as expected before moving them to the production environment.
In sum, creating and setting up custom roles in vCenter Server is an essential task to ensure your VMware virtual environment is built for flexibility and security.