Create custom role to restrict users from viewing Virtual Machines in the vCenter inventory

Article ID: 417071

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • A role is needed that lets a user view only the vCenter > Datacenter > Cluster > ESXi hosts hierarchy.
  • A user logging in to vCenter should not be able to view the Virtual Machines in the inventory.

Environment

  • VMware vCenter Server 7.x
  • VMware vCenter Server 8.x

Resolution

  1. Log in to the vCenter UI.
  2. Navigate to Menu > Administration > Roles.
  3. There is a pre-defined role named "Read-only".
  4. Use this role as-is to meet the requirement, or clone it and give the clone a custom name.
  5. On the vCenter object, open the Permissions tab, add the user, and assign the "Read-only" role or the custom role. Do not select "Propagate to children".
  6. Repeat the above step for:
    • Datacenter > Permissions tab
    • Cluster > Permissions tab
    • ESXi host > Permissions tab
  7. A user logging in with the above permissions will be able to view the vCenter, Datacenter, Cluster and ESXi hosts, but not the Virtual Machines.
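
The same assignment can be scripted and then audited with VMware PowerCLI. This is an added example, not part of the original article: the server name and principal are placeholders, and it assumes that the vCenter-level permission maps to the root inventory folder and that the predefined "Read-only" role has the system name ReadOnly.

```powershell
# Added example, not from the KB article. Requires the VMware PowerCLI module.
# Placeholder values (assumptions): replace before running.
$vcServer  = 'vcenter.example.test'
$principal = 'EXAMPLE\infra-viewer'
$roleName  = 'ReadOnly'   # assumed system name of the predefined "Read-only" role

Connect-VIServer -Server $vcServer | Out-Null
$role = Get-VIRole -Name $roleName -ErrorAction Stop

# Steps 5 and 6: the vCenter level (assumed to be the root folder), then
# every datacenter, cluster and ESXi host. Virtual machines are never targeted.
$targets  = @(Get-Folder -NoRecursion)
$targets += @(Get-Datacenter)
$targets += @(Get-Cluster)
$targets += @(Get-VMHost)

foreach ($entity in $targets) {
    # Skip objects that already carry a direct permission for this principal.
    $direct = Get-VIPermission -Entity $entity -Principal $principal -ErrorAction SilentlyContinue |
        Where-Object { $_.EntityId -eq $entity.Id }
    if (-not $direct) {
        # -Propagate:$false is the scripted form of leaving
        # "Propagate to children" unselected.
        New-VIPermission -Entity $entity -Principal $principal -Role $role -Propagate:$false |
            Out-Null
    }
}

# Audit: list every permission held by the principal and flag anything that
# would make virtual machines visible (a propagating entry, or an entry set
# directly on a VM object).
$perms = @(Get-VIPermission -Principal $principal)
$risky = @($perms | Where-Object { $_.Propagate -or $_.EntityId -like 'VirtualMachine-*' })

$perms | Sort-Object EntityId | Format-Table Entity, EntityId, Role, Propagate -AutoSize

if ($risky.Count -gt 0) {
    $risky | Format-Table Entity, EntityId, Role, Propagate -AutoSize
    throw "$($risky.Count) permission(s) for $principal can expose virtual machines."
}
Write-Output "OK: $($perms.Count) non-propagating permission(s), none on VM objects."
```

The audit covers only permissions granted directly to the named principal; permissions granted to groups the user belongs to need the same check.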