VMware vCenter Server 5.5.x
VMware vCenter Server 6.0.x
VMware vCenter Server 5.1.x
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware VirtualCenter 2.5.x
VMware vCenter Server 5.0.x
VMware vCenter Server 7.0.x
vSphere client connections to vCenter servers are authenticated through local or domain Windows accounts.
If you are logged in as a user that is member of the administrators group you have full access to the vCenter Server at every object level by default. If you are member of another group that was granted read only or restrictive rights to a particular object, the most restrictive permission applies on that object, overriding the administrator permission that may have been propagated from a higher level.
Permission scenarios:
To resolve this issue, isolate the restrictive group or user permission and remove it.
You may need to create a local test user account on the Windows server running the vCenter Server, remove this user from the Windows users group, grant this user the Administrator role within vCenter Server at the highest level, and set the permission to propagate. You can then log in with this test account using the vSphere Client to the vCenter Server and remove any conflicting permissions.