vCenter 6.x permission settings and inheritance
search cancel

vCenter 6.x permission settings and inheritance


Article ID: 322860


Updated On:


VMware vCenter Server


This article sheds additional light on tech pubs article - Hierarchical Inheritance of Permissions

This article explains how permission inheritance works on various objects and how it is propagated.


VMware vCenter Server 6.5.x
VMware vCenter Server 6.7.x
VMware vCenter Server 6.0.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 6.5.x
VMware vCenter Server Appliance 6.7.x


This article talks about how permission implementation works when there are different roles applied to different objects in vCenter inventory.
If there is a need to manage different objects with a different set of roles, the hierarchy needs to be understood.

For example: 

If a user is a part of 2 roles and is given the administrative role on the vCenter object and limited access at a cluster level, the child objects in a cluster will be a union of both the roles assigned to the user. 

We can Manage the same user and attain apt permissions if applied to Datacenter. 

In this example, Datacenter is the parent and vCenter is the grandparent. 

Objects within Cluster like resource pool and Virtual Machines also inherit permissions from alternate parents such as host folder and VM folder. 

If a role is applied to a Virtual Machine which is the ultimate object in the inventory, it will take effect regardless of other roles applied but the role should be added to vCenter permissions.