Removing Local Administrators from the vCenter Server Administrator role
Article ID: 305822
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
When you are attempt to secure your vCenter Server by removing access from non-vCenter Server Administrators, you experience these symptoms:
When you are attempt to secure your vCenter Server by removing access from non-vCenter Server Administrators, you experience these symptoms:
- You are unable to remove the Administrators group from the default Administrator role at the vCenter Server top level permissions tab.
- Removing an Administrators group in vCenter Server fails with the error:
The requested change cannot be completed because it could leave the system without full administrative privileges for a user or group.
Environment
VMware vCenter Server
Cause
This is expected behavior and a safety precaution to prevent accidental lockout from the vCenter Server.
Resolution
To resolve this issue, grant the Administrator role to another user or group before attempting to remove the local Administrators group from the vCenter Server Administrator role.
To grant the Administrator role to another user or group:
- On the vCenter Server, go to the Permissions tab, right-click and click Add Permission.
- Click Add and click on a user or group.
- Under Assigned Role, select Administrator from the dropdown menu.
- Ensure that Propagate to Child Objects is selected and click OK.
Feedback
Yes
No
Powered by
