vCenter Single Sign-On supports authentication, which means it determines whether a user can access vSphere components at all. In addition, each user must be authorized to view or manipulate vSphere objects.
vCenter Server allows fine-grained control over authorization with permissions and roles. Review first the background information about hierachical inheritance of permissions, permission validation, and related topics. You can then move on to vCenter Server User Management Tasks (vCenter User Management Tasks).