You can use global permissions to give a user or group privileges for all objects in all inventory hierarchies in your deployment.

Important: Use global permissions with care. Verify that you really want to assign permissions to all objects in all inventory hierarchies.

Prerequisites

To perform this task, you must have Permissions.Modify permission privileges on the root object for all inventory hierarchies.

Procedure

  1. Log in to the vCenter Server by using the vSphere Client.
  2. Select Administration and click Global Permissions in the Access Control area.
  3. Click the Add Permission icon.
  4. (Optional) If you have configured an external identity provider such as AD FS for federated authentication, that identity provider is available to select in the Domain drop-down menu.
  5. Select the user or group that will have the privileges defined by the selected role.
    1. From the User drop-down menu, select the domain for the user or group.
    2. Type a name in the Search box.
      The system searches user names and group names.
    3. Select the user or group.
  6. Select a role from the Role drop-down menu.
  7. Decide whether to propagate the permissions by selecting the Propagate to children check box.
    If you assign a global permission and do not select Propagate to children, the users or groups associated with this permission do not have access to the objects in the hierarchy. They only have access to some global functionality such as creating roles.
  8. Click OK.