VMware Cloud Community
stup9togo
Contributor
Contributor
‎10-07-2011 02:54 AM

Setting administrator permissions on a Cluster

Hi,

Does anybody know if it is possible to grant a user full administrator permissions on a cluster without comprimising VMs outside this cluster?

At 1st i thought it would be a case of granting the user administrator rights on the cluster but the user soon found out that certain functions were restricted i.e changing network label on VM and datastore interaction.

So I decided to make the user an administrator of the datacenter and restrict access to the clusters I didn't want them accessing. This looked fine but unfrotunately if the user goes VM & templates they have full access to all VMs.

For VMs it seems the administrator permission in the datacenter overrides the no access permission on the other clusters.

Scenario

Hosts & Clusters Permissions

Datacenter----- User (administrator)

  Cluster1----- User (administrator)

  Cluster2----- User (No Access)

  Cluster3----- User (No Access)

VM & Templates permissions

Datacenter----- User (administrator)

  VM in Cluster1----- User (administrator)

  VM in CLuster2----- User (administrator & No Access)

  VM in Cluster3----- User (administrator & No Access)

Any help much appreciated.

Cheers

Stuart

0 Kudos
2 Replies
Troy_Clavell
Immortal
Immortal
‎10-07-2011 06:21 AM

you need to remove the users from the administrator role at the datacenter level, otherwise those permissions just funnel down.  If you only want permissions on certain clusters, set them at the cluster level.

0 Kudos
MindaugasVaiciu
Enthusiast
Enthusiast
‎10-08-2011 10:55 AM

I had similiar issue, had to delegate cluster to other administrator.

After delegation only on cluster level, he couldn`t create new VM, some permissions on datacenter level were needed.

So i created a separete datacenter with cluster in it and delegated admnistrators rights.

I think it`s good decision because distributed swiches are created on datacenter level.

0 Kudos