Overview

This page describes how to configure a new user with limited permissions for use with virt-who.

1. vSphere user

Add user in the VMWare(c) vSphere Web Client

Log into VMWare(c) vSphere Web Client using an account with administrator privileges (for example Administrator@vsphere.local).

In the left menu, select Administration.

In the Single Sign-On group, select Users and Groups.

Use the plus button to create a new user.

Fill in the User name and Password that virt-who will use.

Optionally, add a new role for virt-who.

Set access to the vCenter for this user.

2. Active Directory user

Add user into Active Directory

Use your favorite tool to add a new Active Directory user; for example, run the Active Directory Users and Computers program on a Windows machine as a user that has the right to add users to the domain.

Enable Domain in the VMWare(c) vCenter

You can skip the following steps if you have already enabled the domain in your vSphere.

Log into VMWare(c) vSphere Web Client using an account with administrator privileges (for example Administrator@vsphere.local).

In the left menu, select Administration.

In the Single Sign-On group, select Configuration.

Go to the Identity Sources tab. Using the plus button, add the Active Directory as an identity source.

Optionally, add a new role for virt-who.

Set access to the vCenter for this user.

3. Create new role for virt-who user

This step is not necessary; you can use the built-in Read-only role instead of creating a new role for virt-who.

Log into VMWare(c) vSphere Web Client using an account with administrator privileges (for example Administrator@vsphere.local).

In the left menu, select Administration.

In the Access Control group, select Roles.

Create a new role using the plus button. Do not select any privilege for this role.

4. Add the user access to the vCenter

Select vCenter in the home menu.

Select the vCenter you want the new user to have access to.

Go to Manage, Permissions in the vCenter Server.

Open Add Permission dialog by pressing the plus button.

Select the newly created user after clicking on the Add... button. Make sure you select the proper Domain from the combo box. VSPHERE.LOCAL is for a local vSphere user; otherwise use the proper domain name.

On the right side of the dialog, select either the Read-only role or the role from the previous section.

5. Limit access of virt-who user to selected resources only

You can deny the virt-who user access to some resources by assigning it the No access role on the selected resources.

Let's forbid the virt-who user from accessing one Datacenter. You can apply this procedure to hosts/virtual machines/vCenter servers/Datacenters/etc.

Go to the datacenter configuration and select the Manage and Permissions tabs.

Assign the No access role to the virt-who user.

Remember that roles are by default inherited from the parent node in the vSphere hierarchy.
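
The following added example (not part of the original page and not virt-who or VMware code) models how the Read-only role from section 4 and the No access role from this section combine through inheritance, so you can check which objects the virt-who user still sees. It is a simplified model for a single user with no group memberships; the inventory names, the `VIRT_WHO` principal and the permission table are constructed for illustration.

```python
# Simplified model of vSphere role inheritance for ONE user principal.
# Inventory and permissions are constructed sample data, not a real export.
VIRT_WHO = "VSPHERE.LOCAL\\virt-who"

# child -> parent; the vCenter root has no parent
PARENT = {
    "vcenter": None,
    "dc-prod": "vcenter",
    "dc-lab": "vcenter",
    "cluster-prod": "dc-prod",
    "esx-prod-01": "cluster-prod",
    "esx-lab-01": "dc-lab",
}

# (object, principal) -> (role, propagate to children)
PERMISSIONS = {
    ("vcenter", VIRT_WHO): ("Read-only", True),   # section 4
    ("dc-lab", VIRT_WHO): ("No access", True),    # section 5
}


def effective_role(obj, principal, parent=PARENT, permissions=PERMISSIONS):
    """Return the role that applies to `principal` on `obj`, or None."""
    node = obj
    while node is not None:
        entry = permissions.get((node, principal))
        if entry is not None:
            role, propagate = entry
            # A permission set on the object itself always applies; one
            # found on an ancestor applies only if it propagates.
            if node == obj or propagate:
                return role
        node = parent[node]
    return None  # nothing on the path to the root: object is not visible


def visible_objects(principal, parent=PARENT, permissions=PERMISSIONS):
    """Objects the principal can read: any role except No access / none."""
    hidden = (None, "No access")
    return sorted(o for o in parent
                  if effective_role(o, principal, parent, permissions) not in hidden)


if __name__ == "__main__":
    for name in PARENT:
        print(f"{name:13} -> {effective_role(name, VIRT_WHO)}")
```

If No access is assigned without propagation, only the datacenter object itself is hidden and its hosts fall back to the Read-only role inherited from the vCenter, which is usually not what you intended.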