In vSphere, a permission consists of a user or group and an assigned role for an inventory object, such as a virtual machine or ESXi host. Permissions grant users the right to perform the activities specified by the role on the object to which the role is assigned.
For example, to configure memory for an ESXi host, a user must be granted a role that includes the Host.Configuration.Memory privilege. By assigning different roles to users or groups for different objects, you can control the tasks that users can perform in your vSphere environment.
Many tasks require permissions on more than one object.