1,798
edits
Changes
no edit summary
* '''Administrator''' - Provides full privileges to all aspects of VMware Server 2.0, including the ability to configure roles, permissions and privileges for all users and groups.
Obviously, a role does very little unless it is applied to a user or group of users and one or more VMware Server object. This pairing is referred to as a ''permission''. For example, assigning the ''read-only'' role to a specific user, and applying that to an inventory object is essentially creating a permission.
== Creating, Modifying and Removing Roles ==
As previously outlined, a role is a collection of privileges brought together in a named group. It In addition to the three pre-defined system roles, it is also possible to construct custom roles from a wide range of privileges. To create a custom role, log into the VI Web Access interface as a user with administrative privileges, and select the ''Administration -> Manage Roles'' menu option to invoke the ''Manage Roles'' dialog. Once displayed, this dialog will list any existing roles. To create a new role, click on the ''Add'' button to launch the ''New Authorization Role'' dialog as illustrated below:
In the ''New Authorization Role'' dialog, enter a name for the new role in the field provided and then construct the role by enabling the required privileges. Note that each category may may be selected in its entirety by selecting the category. Alternatively, unfold a category sub-tree and select from individual privileges. When the required privileges have been selected, click on OK to create the new role, at which point the role will appear in the list under the specified name.
To modify a role, select it from the list in the ''Manage Roles'' dialog and click on the ''Modify'' button. In the ''Edit existing roles'' dialog, make the necessary changes to the privilege selections, rename the role if necessary and click on ''OK'' to commit the modifications.
An existing role may be removed from the system by selecting it from the ''Manage Roles'' dialog and clicking on the ''Remove'' button. If the selected role is currently assigned to users or groups a dialog appears provided the choice to remove the role entirely together with any associated permissions, or to re-assign permissions to another pre-existing role.
== Creating, Modifying and Removing Permissions ==
To complete the permission creation process, select either a pre-existing role, or select the required combination of privileges. If the permission is to apply to all child objects of the select object, ensure that the ''Grant this permission to all child objects'' option is selected. Click ''OK'' when completed.
To modify a permission, select the associated host or virtual machine from the ''Inventory'' panel, click on the ''Permissions'' tab, select he the required permission from the list and click the ''Edit Permission'' link in the ''Commands'' panel. In the ''Edit Permissions'' dialog make the changes necessary (including assigning the permission to a different user or group, or associating the permission with a different role) and click on ''OK'' to commit the modifications.
To remove a permission, repeat the steps outlined above, selecting the ''Remove Permission'' link in place of the ''Edit Permission'' link.
