You can create vCenter Server custom roles to suit the access control needs of your environment. You can create a role from scratch or clone an existing role.

You can create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems. The VMware Directory Service (vmdir) propagates the role changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.

Prerequisites

Verify that you are logged in as a user with Administrator privileges.

Procedure

  1. Log in to vCenter Server.
  2. Select Home and click Administration > Roles.
  3. Create the role:
    Option Description
    To create the role from scratch Click the Create role button.
    To create the role by cloning Select a role, and click the Clone role button.
    See vCenter Server System Roles for more information.
  4. Type a name for the new role.
  5. Select and deselect privileges for the role.
    See Defined Privileges for more information.
  6. Click OK.

What to do next

You can now create permissions by selecting an object and assigning the role to a user or group for that object.