A user is an individual authorized to log in to either an ESXi host or vCenter Server.

ESXi users fall into two categories: those who can access the host through vCenter Server and those who can access by directly logging in to the host from the vSphere Client, a third-party client, or a command shell.

Authorized vCenter Server users

Authorized users for vCenter Server are those included in the Windows domain list that vCenter Server references or are local Windows users on the vCenter Server host.

You cannot use vCenter Server to manually create, remove, or otherwise change users. You must use the tools for managing your Windows domain. Any changes you make are reflected in vCenter Server. However, the user interface does not provide a user list for you to review.

Direct-access users

Users authorized to work directly on an ESXi host are those added to the internal user list by a system administrator.

An administrator can perform a variety of management activities for these users, such as changing passwords, group memberships, and permissions as well as adding and removing users.

The user list that vCenter Server maintains is separate from the user list that the host maintains. Even if the lists appear to have common users (for instance, a user called devuser), treat these users separately. If you log in to vCenter Server as devuser, you might have permission to view and delete files from a datastore, whereas if you log in to an ESXi host as devuser, you might not.

Because of the confusion that duplicate naming can cause, check the vCenter  Server user list before you create ESXi host users to avoid duplicating names. To check for vCenter Server users, review the Windows domain list.