VMware vSphere vCenter 5.0 user role access and permission Control

Role: A variety of roles define a combination of permissions for this role's operational details;

User Permissions: User permissions are used to assign permissions to objects in ESXI5.0, such as ESXI5.0 hosts, virtual machines, storage, and networks. By binding "User + role" to these objects, each user or user group can have operation permissions on the object;

1. When there is no vSphere center, both the user and role are set on each ESXI5.0 through vmwareclient, and the user and role on each host are independent.

2. When vSphere center is used, if the ESXI5.0 host has been added to the center, all users and permissions are uniformly defined and arranged.

VMware-vCenter-Server-Appliance-5.0.0.3324 configuration instructions:

Log on to the vCenter operating system Background:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331M5R-0.png "title =" 7.png"/>

Create user

[Root @ localhost ~] # Useradd yanghw

[Root @ localhost ~] # Passwd yanghw

Create Group

[Root @ localhost ~] # Groupadd test

Create a user and add a Working Group

[Root @ localhost ~] # Useradd-g test yanghw // create an yanghw user and add it to the test workgroup

Note: SHELL used by-g's group-d home directory-s

Add a Working Group to existing users

[Root @ localhost ~] # Usermod-g group name Username

3. Add a role

Select system management in vSphere center]

VMware defines several roles by default in vSphere center:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331M4V-1.png "title =" 1.png"/>

No access permission] Read-Only Administrator: these three cannot be deleted, and others can be deleted. When you need to create a custom role, you can clone the role above, clone the new role, edit the role, and modify the corresponding permissions. You can also directly add roles to define permissions.

Create a role:

Add role name: the deployment template is a new Virtual Machine (without the permission to delete or modify). Privileged: Select virtual machine. The following configuration template is selected ].

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331J121-2.png "title =" 2.png"/>

4. Assign Permissions

Log on to the VMware vSphere Client, click the cluster or virtual machine to be restricted on the left of the host and cluster page, and then click Add permission on the right, right-click the shortcut menu and choose add permission ]. In the displayed "Assign Permissions" dialog box, click "add" and find the user or user group created in the vCenter operating system background.

Add a user or user group and select the deployment template as the new Virtual Machine (no permission to delete/modify). Here, you can define the allocation of roles based on your needs). Note, if you do not want this user to see all the storage in this data center, remove the hooks that spread to sub-objects.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331Lb1-3.png "title =" 3.png"/>

In the test template environment, create a template environment, and allocate the user and role to the data storage according to the preceding method, in this case, the role should be assigned the permissions we have created. For example, you can see the assigned permissions:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331ML1-4.png "style =" float: none; "title =" 4.png"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331IC3-5.png "style =" float: none; "title =" 5.png"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331G235-6.png "style =" float: none; "title =" 6.png"/>

5. Verification

Logon to VMware vSphere Client: test with the new account:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/01331M094-7.png "title =" 8.png"/>

We can see from the above operations that the role of VMware vSphere is very detailed, permission allocation is also very rigorous for the normal settings of a permission, each object involved in this permission must have the corresponding permissions ). To access a storage, you must have the read-only permission on the data center to which the storage belongs. You only have the access permission on the data storage, but you do not have the read-only permission on the parent object-data center, users still cannot access this storage. This is important!

The use of other permissions is being tested, but it is not a big problem to pay attention to the above and learn about each permission. Thank you!

This article is from the "O & m it" blog, please be sure to keep this source http://yanghuawu.blog.51cto.com/2638960/1208334