This page describes how to configure new user with limited permissions
to be used with virt-who
.
Log into VMWare(c) vSphere Web Client
using account with administrator privileges (for example Administrator@vsphere.local
).
In the left menu, select Administration
.
In the Single Sign-On
group, select Users and Groups
.
Use plus
button to create new user.
Fill in User name
and Password
that will be used by virt-who.
Optionally, add a new role for virt-who.
Set access to the vCenter for this user.
Use your favorite tool to add new Active Directory user, for example, run Active Directory Users and Computers
program on Windows
machine with user that has right to add users into domain.
VMWare(c) vCenter
Log into VMWare(c) vSphere Web Client
using account with administrator privileges (for example Administrator@vsphere.local
).
In the left menu, select Administration
.
In the Single Sign-On
group, select Configuration
.
Go to Identity Sources
tab. Using the plus
button, add the Active Directory as identity source.
Optionally, add a new role for virt-who.
Set access to the vCenter for this user.
This step is not necessary, you use build-in Read-only
role instead of creating a new role for virt-who.
Log into VMWare(c) vSphere Web Client
using account with administrator privileges (for example Administrator@vsphere.local
).
In the left menu, select Administration
.
In the Access Control
group, select Roles
.
Create new role using the plus
button. Do not select any privilege for this user.
Select vCenter
in the home menu.
Select vCenter
you want the new user to have access.
Go to Manage
, Permissions
in the vCenter Server.
Open Add Permission
dialog by pressing the plus
button.
Select newly created user after clicking on the Add...
button.
Make sure you select proper Domain from the combo box.
VSPHERE.LOCAL
is for local vSphere user, otherwise use proper domain name.
In the right side of the dialog, select either Read-only
role, or role from previous section.
You can deny access of the virt-who user to some resources by assigning its role to No access
for selected resources.
Let's forbid the virt-who user from accessing one Datacenter
. You can apply this procedure to hosts/virtual machines/vCenter servers/Datacenters/etc.
Go to the datacenter configuration and select Manage
and Permissions
tabs.
Assign role No access
to the virt-who user.
Remember that roles are by default inherited from parent node in the vSphere hierarchy.