You can use global permissions to give a user or group privileges for all objects in all inventory hierarchies in your deployment.

Important: Use global permissions with care. Verify that you really want to assign permissions to all objects in all inventory hierarchies.


To perform this task, you must have Permissions.Modify permission privileges on the root object for all inventory hierarchies.


  1. Log in to the vCenter Server by using the vSphere Client.
  2. Select Administration and click Global Permissions in the Access Control area.
  3. Click the Add Permission icon.
  4. Select the user or group that will have the privileges defined by the selected role.
    1. From the User drop-down menu, select the domain for the user or group.
    2. Type a name in the Search box.
      The system searches user names and group names.
    3. Select the user or group.
  5. Select a role from the Role drop-down menu.
  6. Decide whether to propagate the permissions by selecting the Propagate to children check box.
    If you assign a global permission and do not select Propagate to children, the users or groups associated with this permission do not have access to the objects in the hierarchy. They only have access to some global functionality such as creating roles.
  7. Click OK.