Root users can only perform activities on the specific host that they are logged in to.

For security reasons, you might not want to use the root user in the Administrator role. In this case, you can change permissions after installation so that the root user no longer has administrative privileges. Alternatively, you can remove the access permissions for the root user. (Do not remove the root user itself.)


If you remove the access permissions for the root user, you must first create another permission at the root level that has a different user assigned to the Administrator role.


In vSphere 5.1, only the root user and no other user with administrator privileges is permitted to add a host to vCenter Server.

Assigning the Administrator role to a different user helps you maintain security through traceability. The vSphere Client logs all actions that the Administrator role user initiates as events, providing you with an audit trail. If all administrators log in as the root user, you cannot tell which administrator performed an action. If you create multiple permissions at the root level—each associated with a different user—you can track the actions of each administrator.