You can create vCenter Server custom roles to suit the access control needs of your environment.

If you create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems, the VMware Directory Service (vmdir) propagates the changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.


Verify that you are logged in as a user with Administrator privileges.


  1. Log in to vCenter Server with the vSphere Web Client.
  2. Select Home, click Administration, and click Roles.
  3. Click the Create role action (+) button.
  4. Type a name for the new role.
  5. Select privileges for the role and click OK.