A user is an individual authorized to log in to an ESXi or vCenter Server system.
vSphere does not explicitly restrict users with the same authentication credentials from accessing and taking action within the vSphere environment simultaneously.
You can manage users defined on the vCenter Server system and users defined on individual hosts separately.
- Manage users defined on ESXi with the vSphere Web Services SDK or vicfg-user.
- Manage vCenter Server users with the vSphere Web Client or the vSphere Web Services SDK.
Even if the user lists of a host and a vCenter Server system appear to have common users, for example, a user called devuser, these users are separate users with the same name. The attributes of devuser in vCenter Server, including permissions, passwords, and so forth, are separate from the attributes of devuser on the ESXi host. If you log in to vCenter Server as devuser, you might have permission to view and delete files from a datastore. If you log in to an ESXi host as devuser, you might not have these permissions.
Users authorized to work directly on an ESXi host are added to the internal user list when ESXi is installed or can be added by a system administrator after installation. You can use vicfg-user to add users, remove users, change passwords, and configure permissions.
Each ESXi host has several default users.
- The root user has full administrative privileges. Root users can control all aspects of the host that they are logged on to. Root users can manipulate permissions, create users on ESXi hosts, work with events, and so on.
- The
vpxuseruser is a vCenter Server entity with root rights on the ESXi host, allowing it to manage activities for that host. The system createsvpxuserwhen an ESXi host is attached to vCenter Server.vpxuseris not present on the ESXi host unless the host is being managed through vCenter Server. - Other users might be defined by the system, depending on the networking setup and other factors.
Create, Modify, and Delete Users
The following example scenario illustrates some of the tasks that you can perform. Specify one of the options listed in Connection Options for vCLI Host Management Commands in place of <conn_options>.
- List the existing users.
vicfg-user <conn_options> -e user -o list
The list displays all users that are predefined by the system and all users that were added later.Important: The command lists a maximum of 100 users. - Add a new user, specifying a login ID and password.
vicfg-user <conn_options> -e user -o add -l user27 -p 27_password
The command creates the user. By default, the command autogenerates a UID for the user. - List the users again to verify that the new user was added and a UID was generated.
vicfg-user <conn_options> -e user -o list USERS ------------------- Principal -: root Full Name -: root UID -: 0 Shell Access -> 1 ------------------- ... -------------------- Principal -: user27 Full Name -: UID -: 501 Shell Access -> 0
- Modify the password for user
user27.vicfg-user <conn_options> -e user -o modify -l user27 -p 27_password2
The system might return Updated user user27 successfully. - Assign read-only privileges to the user, who currently has no access.
vicfg-user <conn_options> -e user -o modify -l user27 --role read-only
The system prompts whether you want to change the password, which might be advisable if the user does not currently have a password. Answer y or n. The system then updates the user.Updated user user27 successfully. Assigned the role read-only
- Remove the user with login ID
user27.vicfg-user <conn_options> -e user -o delete -l user27
The system removes the user and prints a message.Removed the user user27 successfully.
