You can create vCenter Server custom roles to suit the access control needs of your environment. You can create a role from scratch or clone an existing role.
You can create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems. The VMware Directory Service (vmdir) propagates the role changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.
Verify that you are logged in as a user with Administrator privileges.
- Log in to vCenter Server.
- Select Home and click .
- Create the role:
To create the role from scratch
Click the Create role button.
To create the role by cloning
Select a role, and click the Clone role button.
See vCenter Server System Roles for more information.
- Type a name for the new role.
- Select and deselect privileges for the role.
See Defined Privileges for more information.
- Click OK.
What to do next
You can now create permissions by selecting an object and assigning the role to a user or group for that object.