Creating a non-root account with Administrator capabilities on ESXi
search cancel

Creating a non-root account with Administrator capabilities on ESXi

book

Article ID: 304569

calendar_today

Updated On: 03-19-2025

Products

VMware vSphere ESXi

Issue/Introduction

This article provides information to create a non-root account that has Administrator level privileges on ESXi.

Resolution

As per the ESXi Server Configuration Guide:
  1. To add a user to the Users Table.
    1. Log in to the host using the vSphere Client, using the root userid.
    2. Click Manage
    3. Click the Security & users tab and click Users.
    4. Right-click anywhere in the Users table and click Add to open the Add New User dialog.
    5. Enter a login name, a user name, and a password.
      Note: The vSphere Client automatically assigns the next available UID to the user on the ESXii host. You can over-write the populated field.
    6. Create a password that meets the length and complexity requirements. However, the ESXi host checks for password compliance only if you have switched to the pam_passwdqc.so plug-in for authentication. The password settings in the default authentication plug-in, pam_cracklib.so, are not enforced. To allow a user to access the ESXi host through a command shell, select Grant shell access to this user.
    7. In general, do not grant shell access unless the user has a justifiable need. Users that access the host only through the vSphere Client do not need shell access.
    8. To add the user to a group, select the group name from the Group drop-down menu and click Add.
    9. Click OK

  2. Assign Permissions to a User Created for a Standalone ESXi Host (Not Managed by vCenter)
    To perform particular activities on an ESXi host, a user must have permissions that are associated with a particular role. In the VMware Host Client, you can assign roles to users and give the users the permissions necessary to perform various tasks on the host.
    1. Right-click Host in the VMware Host Client inventory and click Permissions.
    2. Click Add user.
    3. Click the arrow next to the Select a user text box and select the user that you want to assign a role to.
    4. Click the arrow next to the Select a role text box and select a role from the list.
    5. Select Propagate to all children or Add as group.
    6. Click Add and click Close.

Adding Permission via vCenter

  1. To select the Permissions tab, also in the local host vSphere client session, and then:
    1. Right click "On Mange in the host profile then Add Permissions"
    2. select Administrator from the Assigned Role drop-down box
    3. click Add to bring up a list of available users
    4. select the user you added in Step 1 and click Add, then OK
    5. click OK
    6. At this point, you should now be able to login to the ESXi host using that user, and the vSphere client.
 
Note: System administrators and managers are strongly encouraged to review the Basic System Administration, ESXi Server Administration Guide, and Knowledge Base articles that discuss the implications of granting Administrator level access.



Additional Information



Powered by Wolken Software