Adding a Custom vCenter User with Limited Scope

You can enable users, customers, or tenants to use a shared vCenter while ensuring that each user can only view and manage their own virtual machines. For this solution, each user uses a unique vCenter client instance, providing user credentials that are associated with a specific vCenter user with limited scope.

To ensure that backups and restores are successful, use the vSphere Client or Web Client to assign user permissions on each required entity. To hide resources from a user, you can assign a "No access" user role to the entity.

vCenter Server Appliance Setup

To create a user account in the vCenter Server Appliance, you must first create a role with the required permissions. After you create the role, add the user account and associate it with the role you defined, as described in the VMware article Managing Local User Accounts in vCenter Server.

Procedure

  1. In the vSphere Client, do the following:

    1. Go to Home > Administration > Roles, and then click the menu options Administration > Role > Add.

    2. Enter the name of the role (for example, cvAdmin).

    3. Select backup, restore, and VM File Recovery Plug-In privileges as described in Permissions for Custom User Accounts.

    4. Click OK.

  2. In the vSphere Client, add permissions for a user and role at the appropriate level.

    1. Select the entity for which you are adding permissions (for example, a datacenter, host, resource pool, or virtual machine).

    2. Click the Permissions tab.

    3. Right-click in the tab and select Add Permission.

    4. Under Users and Groups, click Add, select the local VSA user on the Select Users and Groups dialog, click Add, and then click OK.

    5. Under Assigned Role, select the role from the drop-down list.

    6. Click OK.
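
The same procedure scripted with VMware PowerCLI, followed by a check that the account holds no permissions outside its intended scope. This is an added example, not part of the original documentation; it assumes the tenant's entity is a resource pool, and every parameter value (server, principal, privilege IDs from Permissions for Custom User Accounts, pool names) is supplied by the operator.

```powershell
# Added example: requires VMware PowerCLI. All parameter values are operator-supplied assumptions.
param(
    [Parameter(Mandatory)] [string]   $Server,        # vCenter FQDN
    [Parameter(Mandatory)] [string]   $Principal,     # limited-scope user, e.g. DOMAIN\user
    [Parameter(Mandatory)] [string[]] $PrivilegeIds,  # IDs taken from "Permissions for Custom User Accounts"
    [Parameter(Mandatory)] [string]   $TenantPool,    # resource pool the user may manage
    [string[]] $HiddenPools = @(),                    # resource pools to hide from the user
    [string]   $RoleName = 'cvAdmin'                  # role name used as the example in step 1
)

Connect-VIServer -Server $Server | Out-Null

# Step 1: create the role with only the listed privileges (stops if an ID is unknown).
# An existing role with the same name is reused as-is; its privileges are not changed.
$privileges = Get-VIPrivilege -Id $PrivilegeIds -ErrorAction Stop
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) { $role = New-VIRole -Name $RoleName -Privilege $privileges }

# Step 2: grant the role on the tenant's entity only, propagating to child objects.
$pool = Get-ResourcePool -Name $TenantPool -ErrorAction Stop
New-VIPermission -Entity $pool -Principal $Principal -Role $role -Propagate:$true | Out-Null

# Hide other entities with the built-in "No access" role (named NoAccess in PowerCLI).
$noAccess = Get-VIRole -Name 'NoAccess'
foreach ($name in $HiddenPools) {
    $hidden = Get-ResourcePool -Name $name -ErrorAction Stop
    New-VIPermission -Entity $hidden -Principal $Principal -Role $noAccess -Propagate:$true | Out-Null
}

# Check: list every permission the principal holds and flag anything outside the intended scope,
# such as a leftover grant on the root folder or a datacenter.
$allowed = @($TenantPool) + $HiddenPools
Get-VIPermission -Principal $Principal | ForEach-Object {
    $inScope = $allowed -contains $_.Entity.Name
    [pscustomobject]@{
        Entity    = $_.Entity.Name
        Role      = $_.Role
        Propagate = $_.Propagate
        Finding   = if ($inScope) { 'expected' } else { 'REVIEW: outside intended scope' }
    }
} | Format-Table -AutoSize
```

The check only covers permissions granted directly to the user; permissions inherited through group membership need a separate review of each group the account belongs to.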
