You can create vCenter Server custom roles to suit the access control needs of your environment. You can create a role from scratch or clone an existing role.
You can create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems. The VMware Directory Service (vmdir) propagates the role changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.
Prerequisites
Procedure
What to do next
You can now create permissions by selecting an object and assigning the role to a user or group for that object.