1,798
edits
Changes
no edit summary
The security features of VMware Server are designed to both control access to the VI Web Access management interface, and to restrict the activities that may be performed once a user has successfully logged in.
Access to the VI Web Access interface is controlled by the login screen which is present presented when a web browser connects to the VMware Server system. Rather than duplicate functionality, VMware Server leverages the login and password mechanism offered by the host operating system. This level of security works in conjunction with VMware Server specific roles and permissions, defined by an administrator, which govern permitted actions once the user is logged in.
As such, a user can only log into the VI Web Access interface if they have a valid login and password on the system hosting VMware Server 2.0. In addition, the user must have been assigned the appropriate login permissions by a VMware Server administrator (by default, all users on the host system are configured to have ''no access''). The first administrator was created during the VMware Server 2.0 installation process, though other users may be assigned administrative privileges through the VI Web Access interface.
== Understanding Privileges, Roles and Permissions ==
Once a user has successfully logged into the VI Web Access interface, the next level of security involves the use of ''privileges'', ''roles '' and ''permissions '' to control the actions which the user can perform and the information to which access is permitted.
A ''privilege '' provides the right to perform a particular task on a specific VMware Server object within an object category. For example, a user may be given the privilege to power off a virtual machine.
''Roles '' are essentially a number of privileges grouped together and given a name which can then be assigned to users and groups on specific objects or categories. For example, a group of privileges may be bundled into a role for trainee administrators which allows them power virtual machines on and off, but not to remove them from the inventory. VMware Server is supplied with a three pre-defined roles:
* '''No Access''' - The default role for users other than the administrator. Denies access to the VI Web Access interface. Attempts to log in will be met with a ''You do not have permissions to login to the server'' message.
== Creating, Modifying and Removing Roles ==
As previously outlined, a role is a collection of privileges brought together in a named group. It addition to the three pre-defined system roles, it is also possible to construct custom roles from a wide range of privileges. To create a custom role, log into the VI Web Access interface as a user with administrative privileges, and select the ''Administration -> Manage Roles'' menu option to invoke the ''Manage Roles'' dialog which . Once displayed, this dialog will list any existing roles. To create a new role, click on the ''Add'' button to launch the ''New Authorization Role'' dialog as illustrated below:
In the ''New Authorization Role'' dialog, enter a name for the new role in the field provided and then construct the role by enabling the required privileges. Note that each category may may be selected in its entirety by selecting the category. Alternatively, unfold a category sub-tree and select from individual privileges. When the required privileges have been selected, click on OK to create the new role, at which point the role will appear in the list under the specified name.
To modify a role, select it from the list in the ''Manage Roles'' dialog and click on the ''Modify'' button. In the ''Edit existing roles'' dialog, make the necessary changes to the privilege selections, rename the role if necessary and click on ''OK'' to commit the modifications.
