Use this procedure to manage role, user account, and active directory permission profiles that are grouped as part of the security host profile.

About this task

You can configure the host profile options, part of the security profile, by using the vSphere Web Client.


Make sure that you have the SecurityConfigProfile plugin available to validate the role, user account, and active directory permission profiles as there are dependencies between them.


  1. From the vCenter Server node, select the Hosts & Clusters tab.
  2. Click the Host Profiles tab and select a host profile.
  3. Under the Configure tab, click the Edit Host Profile option.

    The Edit Host Profile wizard is present.

  4. Locate the Edit host profile step and unfold the Security and Services profile category.
  5. Select the Security Settings and open the Security folder.

    You are present with the following profiles:


    This profile allows you to view default roles and add custom roles within the ESXi system.

    User Configuration

    This profile allows you to create and manage user accounts.

    Here are some of the operations that you can perform for user accounts:

    • Configure the password for the root user.

    • Configure the role for any user that is not the default one.

    • Assign custom roles (configure permissions) for local account.

    • Configure the SSH key for any user.

    Active Directory Permission

    This profile allows you to manage permissions for active directory users or groups. For example, you can create permissions that associate an active directory user or a group with a role.

    When an ESXi host joins the active directory domain, an Admin permission is created for the DOMAIN group ESX Admins. Also, when an active directory user or group is given some permissions on the ESXi host, a corresponding permission is created on that host. The Active Directory Permission profile captures that permission.

    For information on the security profile, see the vSphere Security documentation.