For ESXi and vCenter Server, permissions are defined as access roles that consist of a user and the user’s assigned role for an object such as a virtual machine or ESXi host.

Most vCenter Server and ESXi users have limited ability to manipulate the objects associated with the host. Users with the Administrator role have full access rights and permissions on all virtual objects such as datastores, hosts, virtual machines, and resource pools. By default, the Administrator role is granted to the root user. If vCenter Server manages the host, vpxuser is also an Administrator user.

The list of privileges is the same for both ESXi and vCenter Server, and you use the same method to configure permissions.

You can create roles and set permissions through a direct connection to the ESXi host. Because these tasks are widely performed in vCenter Server, see the VMware vSphere Datacenter Administration Guide for information on working with permissions and roles.