Access control system
vCenter Server uses a structured security model to enable users to manage portions of a vSphere infrastructure. This access control system allows you to specify which users and groups can perform which tasks on which objects. The model consists of the following components:
- privilege – defines an action that can be performed on an inventory object, such as powering on a virtual machine, configuring a network, creating an alarm, etc.
- role – a collection of privileges. vCenter Server (and ESXi) comes with built-in system roles such as Administrator, Read-Only and No Access, and you can also create your own roles.
- object – the inventory object the action targets, such as a virtual machine, host, datastore or folder.
- user or group – a user or a group that can perform the action.
- permission – a role granted to a user or group on a specific object. A permission is created by pairing a role with a user or group and attaching it to an object. By default a permission propagates to the object's children, so a role granted high in the inventory (for example on a datacenter) applies to every virtual machine beneath it unless a more specific permission is set on a child object.
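As an added example (not code from the original page or from VMware), the following Python models how these five components fit together and how a user's privileges on an inventory object are resolved. The privilege catalogue, the inventory tree, the users and groups, and the custom "VM Power Operator" role are all constructed for illustration; the precedence rules implemented (nearest object with an applicable permission wins, a permission naming the user directly overrides group permissions on the same object, privileges from several groups are combined, and a non-propagating permission stops at its object) are a simplified reading of vSphere's documented behaviour, not vCenter's actual implementation.

```python
"""Toy model of the vCenter access control components: privileges, roles,
inventory objects, principals (users/groups) and permissions with propagation.
Added example, not VMware code. Privilege catalogue, inventory, principals and
precedence rules are constructed here to illustrate the model."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed subset of vCenter's dotted privilege identifiers.
PRIVILEGES = {
    "System.View", "System.Read",
    "VirtualMachine.Interact.PowerOn", "VirtualMachine.Interact.PowerOff",
    "Network.Assign", "Alarm.Create",
}

# A role is a named set of privileges. Administrator, Read-Only and No Access
# are vCenter system roles; "VM Power Operator" is a custom role invented here.
ROLES = {
    "Administrator": set(PRIVILEGES),
    "Read-Only": {"System.View", "System.Read"},
    "No Access": set(),
    "VM Power Operator": {"System.View", "System.Read",
                          "VirtualMachine.Interact.PowerOn",
                          "VirtualMachine.Interact.PowerOff"},
}


@dataclass
class InventoryObject:
    """A node in the inventory tree (datacenter, folder, host, VM, ...)."""
    name: str
    parent: Optional["InventoryObject"] = None
    # principal -> (role, propagate); one role per principal per object.
    permissions: dict = field(default_factory=dict)

    def grant(self, principal: str, role: str, propagate: bool = True) -> None:
        """Create a permission: a role paired with a principal on this object."""
        if role not in ROLES:
            raise KeyError(f"unknown role {role!r}")
        self.permissions[principal] = (role, propagate)


def effective_privileges(user: str, groups: set, obj: InventoryObject) -> set:
    """Resolve which privileges `user` (member of `groups`) holds on `obj`.

    Walk from obj towards the root and stop at the first object carrying an
    applicable permission. Rules modelled (simplified from vSphere docs):
      - on an ancestor, only permissions flagged propagate=True apply;
      - a permission naming the user directly overrides group permissions
        on the same object;
      - otherwise the user gets the union of its groups' privileges.
    """
    node, inherited = obj, False
    while node is not None:
        group_privs, matched = set(), False
        for principal, (role, propagate) in node.permissions.items():
            if inherited and not propagate:
                continue  # non-propagating permission stops at its own object
            if principal == user:
                return set(ROLES[role])  # direct user permission wins outright
            if principal in groups:
                group_privs |= ROLES[role]
                matched = True
        if matched:
            return group_privs
        node, inherited = node.parent, True
    return set()  # no permission anywhere up the tree: implicit no access


def can(user: str, groups: set, obj: InventoryObject, privilege: str) -> bool:
    return privilege in effective_privileges(user, groups, obj)


def build_inventory() -> dict:
    """Constructed inventory: vcenter -> DC1 -> {Prod -> web01, Dev -> test01}."""
    root = InventoryObject("vcenter")
    dc1 = InventoryObject("DC1", root)
    prod = InventoryObject("Prod", dc1)
    dev = InventoryObject("Dev", dc1)
    web01 = InventoryObject("web01", prod)
    test01 = InventoryObject("test01", dev)

    root.grant("vsphere-admins", "Administrator")            # propagates everywhere
    dc1.grant("ops", "VM Power Operator")                    # reaches every VM in DC1
    dc1.grant("auditors", "Read-Only")
    dc1.grant("grace", "No Access")                          # direct No Access on DC1 subtree
    prod.grant("alice", "Read-Only")                         # user override for the Prod subtree
    prod.grant("eve", "VM Power Operator", propagate=False)  # folder only, not web01
    return {o.name: o for o in (root, dc1, prod, dev, web01, test01)}


INVENTORY = build_inventory()

if __name__ == "__main__":
    web01 = INVENTORY["web01"]
    for user, groups in [("bob", {"ops"}), ("alice", {"ops"}), ("eve", set()),
                         ("frank", {"ops", "auditors"}), ("dave", set())]:
        print(f"{user:6} on web01: {sorted(effective_privileges(user, groups, web01))}")
```

The two cases worth noticing for least privilege are "ops", whose single permission on the datacenter reaches every VM beneath it, and "grace", whose direct No Access on DC1 takes precedence over the Administrator role she inherits through a group at the root; a No Access granted to another group, by contrast, would not cancel privileges coming from a second group on the same object.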