Access control system

vCenter Server uses a structured security model to enable users to manage portions of a vSphere infrastructure. This access control system allows you to specify which users and groups can perform which tasks on which objects. The model consists of the following components:

  • privilege – defines an action that can be performed on an inventory object, such as powering on a virtual machine, configuring a network, or creating an alarm.
  • role – a collection of privileges. ESXi comes with some built-in roles (such as Read-Only or Administrator), and you can also create your own roles.
  • object – the target of the action.
  • user or group – a user or a group that can perform the action.
  • permission – a combination of a role, a user or a group and an object. A permission is created by pairing a role with a user or group and associating it with an object.
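
The following PowerCLI script is an added example, not part of the original page: it builds a least-privilege role from two power-operation privileges and grants it to a group on a single VM folder, which shows how privilege, role, object, group and permission fit together. The server address, role name, group name and folder name are placeholder assumptions.

```powershell
# Added example: every name below is a placeholder, not a value from the page.
$server    = 'vcenter.example.test'    # assumed vCenter Server address
$roleName  = 'VM-Power-Operator'       # assumed custom role name
$principal = 'EXAMPLE\vm-operators'    # assumed directory group
$folder    = 'Dev-VMs'                 # assumed VM folder in the inventory

# Prompts for credentials if none are cached for this server.
Connect-VIServer -Server $server | Out-Null

# Privileges: the individual actions the role will allow, and nothing more.
$privileges = Get-VIPrivilege -Id @(
    'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Interact.PowerOff'
)

# Role: a named collection of those privileges.
$role = New-VIRole -Name $roleName -Privilege $privileges

# Object: the inventory object the permission is attached to.
$target = Get-Folder -Name $folder -Type VM

# Permission: the role paired with the group and associated with the object.
# -Propagate $true also applies it to the objects inside the folder.
New-VIPermission -Entity $target -Principal $principal -Role $role -Propagate $true |
    Out-Null

# Review what is now granted on the object.
Get-VIPermission -Entity $target -Principal $principal |
    Select-Object Entity, Principal, Role, Propagate

Disconnect-VIServer -Server $server -Confirm:$false
```

Scoping the permission to one folder instead of the vCenter root keeps the group's access limited to the virtual machines it actually needs to manage.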
Geek University 2022