vicfg-user - manage users


vicfg-user <[conn_options>] -e <user> |-o <add | modify | delete | list> [options]

Note: The syntax of this command differs from other vSphere CLI commands.


An ESX/ESXi system grants access to its resources when a known user with appropriate permissions logs on to the system with a password that matches the one stored for that user. The vicfg-user command supports creating, modifying, deleting, and listing local direct access users on an ESX/ESXi host. You cannot run this command against a vCenter Server system.

User management is discussed in detail in the vSphere Security publication.


--adduser | -u <user_list>
Comma-separated list of users to add.
Specifies the target server and authentication information if required. Run vicfg-user --help for a list of all connection options.
--entity | -e [user]
Required. Entity to perform the operation on. When running against ESXi 5.1 or later, always user.
Prints a help message for each command-specific and each connection option. Calling the script with no arguments or with --help has the same effect.
--login | -l <login_ID>
Login ID of the user.
--newpassword | -p <password>
Password for the target user.
--newuserid | -i <UUID>
UID for the target user.
--newusername | -n <name>
User name for the target user.
--operation | -o [add | modify | delete | list]
Required. Operation to perform. Specify add, modify, delete, or list. When you list users, the command returns a maximum of 100 users.
Prompts for a password when you make a change to a user.
--role | -r [admin|read-only|no-access]
Role for the target user. Specify admin, read-only, or no-access.
--shell | -s [yes|no]
Grant shell access to the target user. Default is no shell access. Use this command to change the default, or to revoke shell access rights after they have been granted. Valid values are yes and no.
This option is supported only for ESX. The option is meaningless for ESXi.


The following examples assume you are specifying connection options, either explicitly or, for example, by specifying the server, user name, and password. Run vicfg-user --help for a list of common options including connection options.

Add a user with login ID user27:

vicfg-user <conn_options> -e user -o add -l user27 -p 27_password

Modify password, user ID, and user name for the user with login ID user27: <conn_options> -e user -o modify -l user27 -p 27_password -i <new user id> -n <new user name>

Assign the role read-only to user27 and prompt for a password.

vicfg-user <conn_options> -e user -o modify -l user27 --role read-only --promptpassword

Remove the user with user name user27:

vicfg-user <conn_options> -e user -o delete -l user27