A user is an individual authorized to log in to either an ESX host or vCenter Server.

ESX users fall into two categories: those who can access the host through vCenter Server and those who can access the host by logging in directly from the vSphere Client, vSphere Web Access, a third-party client, or a command shell.

Authorized vCenter Server users

Authorized users for vCenter Server are those included in the Windows domain list that vCenter Server references or are local Windows users on the vCenter Server host.

You cannot use vCenter Server to manually create, remove, or otherwise change users. You must use the tools for managing your Windows domain. Any changes you make are reflected in vCenter Server. However, the user interface does not provide a user list for you to review.

Direct-access users

Users authorized to work directly on an ESX host are those added to the internal user list by a system administrator.

An administrator can perform a variety of management activities for these users, such as changing passwords, group memberships, and permissions as well as adding and removing users.

The user list that ESX maintains locally is separate from the users known to vCenter Server, which are either local Windows users or users that are part of the Windows domain. Even if the lists appear to have common users (for instance, a user called devuser), treat these users separately. If you log in to vCenter Server as devuser, you might have permission to view and delete files from a datastore, whereas if you log in to an ESX host as devuser, you might not. If Active Directory authentication has been configured on the host, then the same Windows domain users known to vCenter Server will be available on the ESX host.

Because of the confusion that duplicate naming can cause, check the vCenter Server user list before you create ESX host users to avoid duplicating names. To check for vCenter Server users, review the Windows domain list.
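One way to run the duplicate-name check described above, as an added example that is not part of the original documentation: it compares an exported Windows account list with the host's local user list and reports names that exist in both. The account names, the export formats, and all function names are assumptions made for illustration.

```python
# Added example: every account name below is constructed for illustration.

# Assumed export of the Windows domain/local accounts vCenter Server references.
WINDOWS_ACCOUNTS = """\
EXAMPLE\\devuser
EXAMPLE\\Administrator
jsmith@example.local
VCENTER01\\backupsvc
"""

# Assumed passwd-format export of the ESX host's local user list.
ESX_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
DevUser:x:501:100:Dev account:/home/DevUser:/bin/bash
backupsvc:x:502:100::/home/backupsvc:/bin/bash
"""


def windows_short_name(account):
    """Drop a DOMAIN\\ prefix or @domain suffix and fold case
    (Windows account names are case-insensitive)."""
    name = account.strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    elif "@" in name:
        name = name.split("@", 1)[0]
    return name.casefold()


def esx_local_users(passwd_text):
    """Return the login names from passwd-format text."""
    return [ln.split(":", 1)[0] for ln in passwd_text.splitlines()
            if ln.strip() and not ln.startswith("#")]


def find_collisions(windows_text, passwd_text):
    """Map each ESX local name to the Windows accounts sharing its short name."""
    by_short = {}
    for acct in filter(str.strip, windows_text.splitlines()):
        by_short.setdefault(windows_short_name(acct), []).append(acct.strip())
    return {u: by_short[u.casefold()]
            for u in esx_local_users(passwd_text) if u.casefold() in by_short}


def name_is_free(candidate, windows_text, passwd_text):
    """True if a proposed ESX user name appears in neither list (case-folded)."""
    taken = {windows_short_name(a) for a in filter(str.strip, windows_text.splitlines())}
    taken |= {u.casefold() for u in esx_local_users(passwd_text)}
    return candidate.casefold() not in taken
```

Names that differ only by case are reported as duplicates here, because a local ESX account such as DevUser and a domain account devuser are still separate identities with separate permissions.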