Create custom role
Although you can use the three system roles and the six sample roles already included in vCenter Server, you might want to create create your own custom roles that will better suit your needs. The roles you define should use the smallest number of privileges possible in order to maximize your vSphere environment’s security. Also, the role name should indicate its purpose.
For example, let’s say that we want to create a role that will allow a user to create virtual machines. We can create that role using vSphere Web Client. Here are the steps:
1. From the Home screen, go to Administration > Roles and click on the Create Role icon:
2. The Create Role wizard opens. Enter the role name and assign the following privileges:
- Datastore – Allocate space
- Network – Assign network
- Resource – Assign virtual machine to resource pool
- Virtual machine > Configuration – Add new disk, Add or remove device, Memory
- Virtual machine > Interaction – All privileges
- Virtual machine > Inventory – Create new
The new role should be listed under the Roles tab: