When you use accounts and create user roles, it is recommended that you follow these best practices.
Avoid using the local ‘admin’ user
All out-of-the-box content is associated with the ‘admin’ account. If the ‘admin’ user is being used, there is no tracking of changes for audit purposes. For a POC, create a local account with administrator privileges. For production, integrate with AD/LDAP.
Utilize service accounts for connection credentials
Use service accounts with meaningful names rather than a coded convention, where it is easy to make mistakes. For example, SG-D-VM-MG-01 is not user-friendly and is prone to human error.
To identify specific memberships, create roles and accounts
Creating specific roles helps identify personas such as storage team, network team, NOC, tenants, and IT Management.
Grant specific roles
Do not always grant the Administrator role to users; use specific roles to limit permissions.
Avoid enabling vCenter login when authenticating with AD/LDAP
To avoid confusion and translated permissions from vCenter, minimize authentication options.