When you edit a role, you can change the privileges selected for that role. When completed, these privileges are applied to any user or group that is assigned the edited role.

You can create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems. The VMware Directory Service (vmdir) propagates the role changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.


Verify that you are logged in as a user with Administrator privileges.


  1. Log in to vCenter Server with the vSphere Web Client.
  2. Select Home, click Administration, and click Roles.
  3. Select a role and click the Edit role action button.
  4. Select or deselect privileges for the role and click OK.