A permission grants a user or a group the rights to perform the actions specified in the role for the inventory object to which the role is assigned. Objects include datacenters, clusters, ESX/ESXi hosts, vApps, resource pools, VMs, clusters, datastores, networks, and folders.
Here are the steps to assign a permission on an vCenter Server object using vSphere Web Client:
1. Select an object from the inventory and go to Manage > Permissions. In the Permissions window, click the green plus sign:
2. The Add Permission window opens. Click Add to select a user or group:
3. Choose the domain, find the desired user, and click Add:
In the picture above you can see that we’ve selected our AD domain named MYDOMAIN and the user jdoe.
4. Next, you need to assign a role to the user. Select the desired role on the right. Notice that you can force the permission to propagate down the object hierarchy by checking the Propagate to children check box:
The new permission should now appear in the Permissions tab: