You can use ESXCLI commands to manage permissions.

Starting with vSphere 6.0, a set of ESXCLI commands allows you to perform the following operations.

  • Give permissions to local users and groups by assigning them one of the predefined roles.
  • Give permissions to Active Directory users and groups if your ESXi host has been joined to an Active Directory domain by assigning them one of the predefined roles.
Important: When you manage local users on your ESXi host, you are not affecting the vCenter Server users.

Manage Permissions

You can list, remove, and set permissions for a user or group, as shown in the following example.

  1. List permissions. 
    esxcli system permission list
    The system displays permission information. The second column indicates whether the information is for a user or group. 
    Principal            Is Group  Role
-----------------------------------
ABCDEFGH\esx^admins  true      Admin
dcui                 false     Admin
root                 false     Admin
vpxuser              false     Admin
test1                false     ReadOnly
  2. Set permissions for a user or group. Specify the ID of the user or group, and set the --group option to true to indicate a group. Specify one of three roles, Admin, ReadOnly or NoAccess. 
    esxcli system permission set --id test1 -r ReadOnly
  3. Remove permissions for a user or group. 
    esxcli system permission unset --id test1

Account Management

You can manage accounts by using the following commands. 

esxcli system account add
esxcli system account set
esxcli system account list
esxcli system account remove