Managing vSphere permissions

Some tasks in vSphere require users to have certain permissions in order to complete successfully. When you create a private cloud, VMware Engine performs an initial setup of vSphere permissions for your ease of management. This document provides you with guidance on further managing permissions in vSphere.

Before you begin

To manage vSphere permissions for your private cloud, you must first elevate your privileges. Elevating your privileges through VMware Engine gives you the ability to perform administrative functions in vSphere.

Managing vCenter user groups

Users in the Cloud-Owner-Group group can administer various parts of the vSphere environment in the private cloud. The Cloud-Owner-Group group is automatically given Cloud-Owner-Role privileges, and the CloudOwner user is added as a member of this group.

Google creates additional groups with limited privileges for ease of management. You can add any user to these pre-created groups, and this process assigns the corresponding privileges to the user.

For a full list of pre-created vCenter user groups and their associated vCenter privileges, see Private cloud VMware vCenter permission model.

Granting management permission to individual users

To grant an individual user permissions to manage the private cloud, create a user account and add it to the appropriate groups:

  • Cloud-Owner-Group
  • Cloud-Global-Cluster-Admin-Group
  • Cloud-Global-Storage-Admin-Group
  • Cloud-Global-Network-Admin-Group
  • Cloud-Global-VM-Admin-Group

Creating new user groups

You can create additional user groups to enable access control for vCenter users. However, new user groups must have permissions that are lower than Cloud-Owner-Role. Groups with permissions higher than Cloud-Owner-Role are automatically reset to Cloud-Owner-Role.
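The group model above lends itself to a periodic membership review. The following is an added example, not code from VMware Engine or this page: the export format (user to groups), the user names, the approved-owner list and the finding labels are all constructed, and it treats any group not named on this page as a custom group.

```python
# Added example: access review over the vCenter groups named on this page.
# The membership export format and all user names are constructed.
OWNER_GROUP = "Cloud-Owner-Group"
# Only the limited groups listed on this page; extend with the full pre-created list.
SCOPED_GROUPS = frozenset({
    "Cloud-Global-Cluster-Admin-Group",
    "Cloud-Global-Storage-Admin-Group",
    "Cloud-Global-Network-Admin-Group",
    "Cloud-Global-VM-Admin-Group",
})

def review_memberships(memberships, approved_owners):
    """Return (user, finding, detail) tuples for memberships worth a second look."""
    findings = []
    for user, groups in sorted(memberships.items()):
        groups = set(groups)
        scoped = sorted(groups & SCOPED_GROUPS)
        if OWNER_GROUP in groups:
            if user not in approved_owners:
                findings.append((user, "unapproved-owner", OWNER_GROUP))
            # Assumption: the limited groups add nothing on top of Cloud-Owner-Role.
            if scoped:
                findings.append((user, "redundant-scoped-group", ", ".join(scoped)))
        elif len(scoped) == len(SCOPED_GROUPS):
            # Every limited group at once: check whether narrower access would do.
            findings.append((user, "all-scoped-groups", ", ".join(scoped)))
        # Groups outside the known set: confirm their role stays below Cloud-Owner-Role.
        for group in sorted(groups - SCOPED_GROUPS - {OWNER_GROUP}):
            findings.append((user, "custom-group", group))
    return findings

# Constructed sample export: user -> groups.
SAMPLE_MEMBERSHIPS = {
    "CloudOwner": ["Cloud-Owner-Group"],
    "alice": ["Cloud-Global-VM-Admin-Group"],
    "bob": ["Cloud-Owner-Group", "Cloud-Global-Storage-Admin-Group"],
    "carol": sorted(SCOPED_GROUPS),
    "dave": ["Cloud-Global-Network-Admin-Group", "Backup-Operators-Group"],
}
APPROVED_OWNERS = {"CloudOwner"}

if __name__ == "__main__":
    for user, finding, detail in review_memberships(SAMPLE_MEMBERSHIPS, APPROVED_OWNERS):
        print(f"{user:12} {finding:24} {detail}")
```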
