Example 3: User Role Overriding Group Role

This example illustrates how the role assigned directly to an individual user overrides the privileges associated with a role assigned to a group.

In this example, permissions are defined on the same object. One permission associates a group with a role, the other permission associates an individual user with a role. The user is a member of the group.

Role 1 can power on virtual machines.
Group A is granted Role 1 on VM Folder.
User 1 is granted No Access role on VM Folder.

User 1, who belongs to group A, logs on. The No Access role granted to User 1 on VM Folder overrides the role assigned to the group. User 1 has no access to VM Folder or VMs A and B.

Figure 1. Example 3: User Permissions Overriding Group Permissions

An example of user permissions overriding group permissions.