To create a permission, you assign a user or group and a role to an object.

The available users and groups include local users and groups on the host system. For Workstation, users and groups in the Windows domain that the host system belongs to are also included. For remote hosts that vCenter Server manages, users and groups in the Windows domain list that vCenter Server references are also included.

The object of a permission can be a shared or remote virtual machine, the Shared VMs item, or a remote host. For remote hosts that vCenter Server manages, you can also set permissions on datacenters and folders within datacenters.

When you add a permission, you can indicate whether the permission propagates down the object hierarchy. Propagation is not universally applied. Permissions that you define for a child object always override the permissions that propagate from parent objects.

Note

You cannot use Workstation to create, remove, or modify users and groups. To manage users and groups, use the mechanisms that the host operating system provides.

Verify that you know the default roles. See Default System Roles.

If you are setting a permission on a remote object, connect to the remote server. See Connect to a Remote Server.

1

Open the Permissions dialog box.

Option

Description

If the object is a shared or remote virtual machine

Right-click the object and select Manage > Permissions.

If the object is a remote host, datacenter, or folder

Right-click the object and select Permissions.

2

Click Add.

3

Select the location of the user or group from the Domain drop-down menu.

If you select (server), only local users and groups appear in the list.

4

Select the name of the user or group from the list.

You can type a name in the search box to filter the users and groups in the list.

5

Add the permission.

Option

Description

Windows host

Click Add, select the user or group, select a role from the drop-down menu under Assigned Role, and click OK.

Linux host

Select a role from the Role drop-down menu and click Add.

On a Linux host, the permission is added immediately. On a Windows host, the permission is not added until you click OK.

6

(Optional) If you do not want to propagate the permission to child objects, deselect the Propagate check box next to the new permission.

If the object is a shared or remote virtual machine and you deselect the Propagate check box, you must confirm that the user can have read-only access to the host. Users must have read-only access to the host on which a virtual machine is running to access the virtual machine through Workstation.

The propagation setting takes effect immediately.

7

(Windows host only) Click OK to add the permission.