For this example, the scenario is to create a role to be used by staff whose only function is to deploy virtual machines from templates as the need arises.

The steps in this exercise are based on the assumption that you already use a directory service like Microsoft Active Directory to administer users and groups for access to networked resources.

Use the information in Values to Use When Working with this Exercise to enter values in the example steps for defining the role and for assigning permissions to it.

Values to Use When Working with this Exercise

Item

Where Item Appears in the Interface

Value

Role Name:

In the Roles tab, select Add Role. In the Permissions tab, select the Assign Permissions dialog box and select the Assigned Role drop-down menu.

Deployer of virtual machine from template

Domain

In the Permissions tab, select the Assign Permissions dialog box, select the Select Users and Groups dialog box, and select the Domain drop-down menu.

Domain of the directory service server that contains the names or groups you want to use in this exercise

User Name

In the Permissions tab, select the Assign Permissions dialog box, the Select Users and Groups dialog box, and the Users and Groups pane.

Name from your directory service

Group Name (Optional)

In the Permissions tab, select the Assign Permissions dialog box, the Select Users and Groups dialog box, and the Users and Groups pane.

Existing group in your directory service

For information about roles and privileges, see the vSphere Security documentation.

Verify that you are logged in as a user with Administrator privileges.

Verify the users and groups exist in your organization's directory service.

1

For the role exercise, you create and define the limited role in the vCenter Server by using the vSphere Client.

2

After you create users and groups and define roles, you must assign the users and groups and their roles to the relevant inventory objects. You can assign the same permissions at one time on multiple objects by moving the objects to a folder and setting the permissions on the folder.

You can prepare a runbook for use by the staff with the role of deploying virtual machines.