This example illustrates how the role assigned directly to an individual user overrides the privileges associated with a role assigned to a group.

In this example, permissions are defined on the same object. One permission associates a group with a role, the other permission associates an individual user with a role. The user is a member of the group.

  • Role 1 can power on virtual machines.
  • Group A is granted Role 1 on VM Folder.
  • User 1 is granted No Access role on VM Folder.

User 1, who belongs to group A, logs on. The No Access role granted to User 1 on VM Folder overrides the role assigned to the group. User 1 has no access to VM Folder or VMs A and B.

Figure 1. Example 3: User Permissions Overriding Group Permissions
An example of user permissions overriding group permissions.