Managing Groups with vicfg-user
You can efficiently manage some user attributes by creating groups. A group is a set of users that you manage through a common set of permissions.
A user can be a member of more than one group. When you assign permissions to a group, all users in the group inherit those permissions. Using groups can reduce the time it takes to set up your permissions model. The group list in an ESXi host is extracted from a host-maintained table. You can change the group list by using the vSphere Client or vCLI.
Use the vicfg-user vCLI command.
Before you can add users to a group, you must create the group by using the vicfg-user add command, as in the following examples. Specify one of the options listed in Connection Options in place of <conn_options>.
Add group40 to the existing groups. If you do not specify a group ID, the system assigns an ID for the group.
vicfg-user <conn_options> -e group -o add -d group40 -D 55
vicfg-user <conn_options> - -entity group - -operation add - -group group42
- -groupid 4242 - -role read-only
You can then add and remove users from the group, as in the following example scenario. Specify one of the options listed in Connection Options in place of <conn_options>.
To add and remove users from groups
1
Add a user with user name test to a group group42.
vicfg-user <conn_options> -e group -o modify -d group42 --adduser test
You must specify the user name to add a user to a group. The user ID is not acceptable.
2
Add users with user names u1, u2, and u3 to group45, which has read-only privileges.
vicfg-user <conn_options> -e group -o modify -d group45 --adduser u1,u2,u3
3
vicfg-user <conn_options> -e group -o modify -d group45 --removeuser u3
4
vicfg-user <conn_options> -e group -o delete -d group45
You can only remove groups that do not have users.