Privilèges de CloudAdmin

Comme VMware effectue l'administration des hôtes et d'autres tâches, les administrateurs cloud n'ont pas besoin d'autant de privilèges que les administrateurs d'un centre de données sur site.

Le rôle CloudAdmin dispose d'un ensemble de privilèges généré de manière dynamique pour votre SDDC. Cet ensemble inclut la plupart des privilèges disponibles dans toutes les catégories. Pour afficher les privilèges accordés au rôle CloudAdmin, connectez-vous à vSphere Client dans le SDDC, cliquez sur Administration > Rôles, sélectionnez CloudAdmin dans la liste des rôles, puis cliquez sur PRIVILÈGES.

Vous pouvez également utiliser un extrait de code PowerShell tel que celui-ci pour récupérer la liste des privilèges du rôle CloudAdmin dans votre SDDC.

$vmcUserName = "CloudAdmin"
 
$authMgr = Get-View $global:DefaultVIServer.ExtensionData.Content.AuthorizationManager
 
Write-Host "vCenter Version: $($global:DefaultVIServer.ExtensionData.Content.About.Version)"
Write-Host "Build: $($global:DefaultVIServer.ExtensionData.Content.About.Build)"
 
($authMgr.RoleList | where {$_.Name -eq $vmcUserName}).Privilege

Le rôle CloudAdmin dispose des privilèges suivants dans SDDC version 1.18.

vCenter Version: 7.0.3, Build: 19584923
Alarm.Acknowledge
Alarm.Create
Alarm.Delete
Alarm.DisableActions
Alarm.Edit
Alarm.SetStatus
Authorization.ModifyPermissions
Authorization.ModifyRoles
CertificateManagement.Manage
Cns.Searchable
ComputePolicy.Manage
ContentLibrary.AddCertToTrustStore
ContentLibrary.AddLibraryItem
ContentLibrary.CheckInTemplate
ContentLibrary.CheckOutTemplate
ContentLibrary.CreateLocalLibrary
ContentLibrary.CreateSubscribedLibrary
ContentLibrary.DeleteCertFromTrustStore
ContentLibrary.DeleteLibraryItem
ContentLibrary.DeleteLocalLibrary
ContentLibrary.DeleteSubscribedLibrary
ContentLibrary.DownloadSession
ContentLibrary.EvictLibraryItem
ContentLibrary.EvictSubscribedLibrary
ContentLibrary.GetConfiguration
ContentLibrary.ImportStorage
ContentLibrary.ProbeSubscription
ContentLibrary.ReadStorage
ContentLibrary.SyncLibrary
ContentLibrary.SyncLibraryItem
ContentLibrary.TypeIntrospection
ContentLibrary.UpdateConfiguration
ContentLibrary.UpdateLibrary
ContentLibrary.UpdateLibraryItem
ContentLibrary.UpdateLocalLibrary
ContentLibrary.UpdateSession
ContentLibrary.UpdateSubscribedLibrary
Datastore.AllocateSpace
Datastore.Browse
Datastore.Config
Datastore.DeleteFile
Datastore.FileManagement
Datastore.UpdateVirtualMachineFiles
Datastore.UpdateVirtualMachineMetadata
Extension.Register
Extension.Unregister
Extension.Update
Folder.Create
Folder.Delete
Folder.Move
Folder.Rename
Global.CancelTask
Global.GlobalTag
Global.Health
Global.LogEvent
Global.ManageCustomFields
Global.ServiceManagers
Global.SetCustomField
Global.SystemTag
HLM.Manage
Host.Hbr.HbrManagement
InventoryService.Tagging.AttachTag
InventoryService.Tagging.CreateCategory
InventoryService.Tagging.CreateTag
InventoryService.Tagging.DeleteCategory
InventoryService.Tagging.DeleteTag
InventoryService.Tagging.EditCategory
InventoryService.Tagging.EditTag
InventoryService.Tagging.ModifyUsedByForCategory
InventoryService.Tagging.ModifyUsedByForTag
InventoryService.Tagging.ObjectAttachable
Namespaces.Configure
Namespaces.SelfServiceManage
Network.Assign
Resource.ApplyRecommendation
Resource.AssignVAppToPool
Resource.AssignVMToPool
Resource.ColdMigrate
Resource.CreatePool
Resource.DeletePool
Resource.EditPool
Resource.HotMigrate
Resource.MovePool
Resource.QueryVMotion
Resource.RenamePool
ScheduledTask.Create
ScheduledTask.Delete
ScheduledTask.Edit
ScheduledTask.Run
Sessions.GlobalMessage
Sessions.ValidateSession
StorageProfile.Update
StorageProfile.View
StorageViews.View
System.Anonymous
System.Read
System.View
Trust.Manage
VApp.ApplicationConfig
VApp.AssignResourcePool
VApp.AssignVApp
VApp.AssignVM
VApp.Clone
VApp.Create
VApp.Delete
VApp.Export
VApp.ExtractOvfEnvironment
VApp.Import
VApp.InstanceConfig
VApp.ManagedByConfig
VApp.Move
VApp.PowerOff
VApp.PowerOn
VApp.Rename
VApp.ResourceConfig
VApp.Suspend
VApp.Unregister
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.AddRemoveDevice
VirtualMachine.Config.AdvancedConfig
VirtualMachine.Config.Annotation
VirtualMachine.Config.CPUCount
VirtualMachine.Config.ChangeTracking
VirtualMachine.Config.DiskExtend
VirtualMachine.Config.DiskLease
VirtualMachine.Config.EditDevice
VirtualMachine.Config.HostUSBDevice
VirtualMachine.Config.ManagedBy
VirtualMachine.Config.Memory
VirtualMachine.Config.MksControl
VirtualMachine.Config.QueryFTCompatibility
VirtualMachine.Config.QueryUnownedFiles
VirtualMachine.Config.RawDevice
VirtualMachine.Config.ReloadFromPath
VirtualMachine.Config.RemoveDisk
VirtualMachine.Config.Rename
VirtualMachine.Config.ResetGuestInfo
VirtualMachine.Config.Resource
VirtualMachine.Config.Settings
VirtualMachine.Config.SwapPlacement
VirtualMachine.Config.UpgradeVirtualHardware
VirtualMachine.GuestOperations.Execute
VirtualMachine.GuestOperations.Modify
VirtualMachine.GuestOperations.ModifyAliases
VirtualMachine.GuestOperations.Query
VirtualMachine.GuestOperations.QueryAliases
VirtualMachine.Hbr.ConfigureReplication
VirtualMachine.Hbr.MonitorReplication
VirtualMachine.Hbr.ReplicaManagement
VirtualMachine.Interact.AnswerQuestion
VirtualMachine.Interact.Backup
VirtualMachine.Interact.ConsoleInteract
VirtualMachine.Interact.CreateScreenshot
VirtualMachine.Interact.DefragmentAllDisks
VirtualMachine.Interact.DeviceConnection
VirtualMachine.Interact.DnD
VirtualMachine.Interact.GuestControl
VirtualMachine.Interact.Pause
VirtualMachine.Interact.PowerOff
VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.PutUsbScanCodes
VirtualMachine.Interact.Reset
VirtualMachine.Interact.SESparseMaintenance
VirtualMachine.Interact.SetCDMedia
VirtualMachine.Interact.SetFloppyMedia
VirtualMachine.Interact.Suspend
VirtualMachine.Interact.ToolsInstall
VirtualMachine.Inventory.Create
VirtualMachine.Inventory.CreateFromExisting
VirtualMachine.Inventory.Delete
VirtualMachine.Inventory.Move
VirtualMachine.Inventory.Register
VirtualMachine.Inventory.Unregister
VirtualMachine.Namespace.Event
VirtualMachine.Namespace.EventNotify
VirtualMachine.Namespace.Management
VirtualMachine.Namespace.ModifyContent
VirtualMachine.Namespace.Query
VirtualMachine.Namespace.ReadContent
VirtualMachine.Provisioning.Clone
VirtualMachine.Provisioning.CloneTemplate
VirtualMachine.Provisioning.CreateTemplateFromVM
VirtualMachine.Provisioning.Customize
VirtualMachine.Provisioning.DeployTemplate
VirtualMachine.Provisioning.DiskRandomAccess
VirtualMachine.Provisioning.DiskRandomRead
VirtualMachine.Provisioning.FileRandomAccess
VirtualMachine.Provisioning.GetVmFiles
VirtualMachine.Provisioning.MarkAsTemplate
VirtualMachine.Provisioning.MarkAsVM
VirtualMachine.Provisioning.ModifyCustSpecs
VirtualMachine.Provisioning.PromoteDisks
VirtualMachine.Provisioning.PutVmFiles
VirtualMachine.Provisioning.ReadCustSpecs
VirtualMachine.State.CreateSnapshot
VirtualMachine.State.RemoveSnapshot
VirtualMachine.State.RenameSnapshot
VirtualMachine.State.RevertToSnapshot
VirtualMachineClasses.Manage
Vsan.Cluster.ShallowRekey
vService.CreateDependency
vService.DestroyDependency
vService.ReconfigureDependency
vService.UpdateDependency
vSphereDataProtection.Protection
vSphereDataProtection.Recovery

Pour plus d'informations sur les autorisations accordées par chaque privilège, reportez-vous à la référence Privilèges définis de vSphere.