You can create vCenter Server custom roles to suit the access control needs of your environment. You can create a role or clone an existing role.
You can create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems. The VMware Directory Service (vmdir) propagates the role changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.
- Log in to the vCenter Server by using the vSphere Client.
- Select Administration and click Roles in the Access Control area.
- Create the role:
Option Description To create a role Click the Create role action icon. To create the role by cloning Select a role, and click the Clone role action icon.See vCenter Server System Roles for more information.
- Select and deselect privileges for the role.
See Defined Privileges for more information.Note: When creating a cloned role, you cannot change privileges. To change privileges, select the cloned role after it is created and click the Edit role action icon.
- Enter a name for the new role.
- Click Finish.
What to do next
You can now create permissions by selecting an object and assigning the role to a user or group for that object.