To suit the access control needs of your environment, you can create vCenter Server custom roles. You can create a role or clone an existing role.

You can create or edit a role on a vCenter Server system that is part of the same vCenter Single Sign-On domain as other vCenter Server systems. The VMware Directory Service (vmdir) propagates the role changes that you make to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across vCenter Server systems.

Prerequisites

Verify that you are logged in as a user with Administrator privileges.

Procedure

  1. Log in to the vCenter Server by using the vSphere Client.
  2. Select Administration and click Roles in the Access Control area.
  3. Create the role:
    Option Description
    To create a role Click New.
    To create the role by cloning Select a role, and click Clone.
    See vCenter Server System Roles for more information.
  4. Enter a name for the new role.
  5. Select and deselect privileges for the role.
    Scroll the privilege categories and select all privileges or a subset of privileges for that category. You can show all, selected, or unselected categories. You can also show all, selected, or unselected privileges.
    See Defined Privileges for more information.
    Note: When creating a cloned role, you cannot change privileges. To change privileges, select the cloned role and click Edit.
  6. Click Add.

What to do next

You can now create permissions by selecting an object and assigning the role to a user or group for that object.