Assign Custom Role in VMWare using vSphere Web Client and vCenter Server

In the post, we’ll learn the steps to assign custom role in VMWare using vSphere Web Client and vCenter Server. Every Organization requires custom roles to be created with custom privileges to delegate control to VMWare Administrators. There are multiple pre-defined roles available in VMWare ESXi e.g. no access, read-only, Administrator, etc. VMWare Administrator can either use pre-defined roles or custom roles to define or delegate permissions.

In the old post, we learned the steps to create custom roles using vSphere Web Client, please ensure you go through this article before starting with this tutorial. We also learned the steps to install VMWare ESXi Server and steps to install and configure VMWare vCenter Server.

Steps to assign Custom Role in VMWare using vSphere Web Client and vCenter Server

Step 1:
Login to vCenter Server and open vSphere Web Client.
Click on Hosts and Clusters.

Assign Custom Roles using vSphere Web Client (1)

Step 2:
To define the Global Permission, select vCenter Server.
Select Manage tab and select Permissions.
Click on + sign to assign custom role in VMWare.

Assign Custom Roles using vSphere Web Client

Step 3:
To assign pre-defined or custom role to users or groups, click on Add. I would recommend to always add Group, it would help management easy. However for this practical, we have used user and not group.

Assign Custom Roles using vSphere Web Client

Step 4:
Please ensure that Domain Name is selected.
Select the User or group to whom you want to assign role or delegate permission.
Click on Add and then click on Ok.

Assign Custom Roles using vSphere Web Client

Step 5:
Once the user or group is added.
On the right hand side under “Assigned Role”, select the role that you want to assign.
Over here we can see all the Pre-defined and custom Role. (Steps to create custom Roles)
Once the role is selected, click OK to close the window.
Check the option “Propagate to children”, this option would assign privileges to this object and all the child objects.

Assign Custom Roles using vSphere Web Client

Step 6:
This would assign custom role in VMware using vSphere Web Client.

Assign Custom Roles using vSphere Web Client

Steps to assign permission using VMware vCenter Server

VCenter Server is an alternate way to assign and define permissions. VMware is planning to deprecate VMWare Infrastructure client therefore please ensure you do most of the practice on VMWare Web Client.

Step 1:
Login to VMware vCenter Server.
Select the resource on which you want to assign permission or delegate permission.
Click on Permissions tab.
Another way is to right click on the resource and click on “Add Permission”.

Assign Custom Roles using vSphere Web Client

Step 2:
On the assign permission window, click on Add.

Assign Custom Roles using vSphere Web Client

Step 3:
Please ensure correct Domain name is selected.
Select the Domain user to whom you want to assign permission. (Steps to create Domain Users)
Click on Add and then click on Ok.

Assign Custom Roles using vSphere Web Client

Step 4:
Once the Domain User is added select the role that you want to assign.
Check the option “Propagate to Child Objects”, if you want permissions to be assigned to this object and all the child objects.
For this practical, we’ll assign “Custom Role” permission to Domain user Raakesh. This Custom Role only defines the permission to Power-On or Power-Off Virtual machines. (Steps to deploy VM using template)
Click on Ok to close the Window.

Assign Custom Roles using vSphere Web Client

Step 5:
We have successfully assigned Administrators rights to Domain Administrator and CustomRole permissions to Domain user Raakesh.

Assign Custom Roles using vSphere Web Client

Verify Delegated Permissions using VMWare vCenter Server

As we have already assigned CustomRole permissions to Domain User. Let’s verify to confirm if delegated permissions are working as defined or not.

Steps to add VMware ESXi to vCenter Server

Step 1:
Login to vCenter Server as a Domain user itingredients\raakesh.
Once we are logged in as Domain user, let’s try to Create New Virtual Machine.
Click on “Create new Virtual Machine” to create new Virtual Machine.

Delegate Permission in VMWare vCenter Server

Step 2:
An error “You do not have Privilege Resource”, confirms that this user don’t have permissions to create Virtual Machine because the only privilege that we have defined is to Power-On and Power-Off the Virtual Machine.

Delegate Permission in VMWare vCenter Server

Step 3:
This confirms that this user only has custom permissions to Power-On and Power-Off Virtual Machine. All other options are grey out. Similarly you can define other privileges and delegate permissions.

Delegate Permission in VMWare vCenter Server

We’ll conclude this tutorial with this. Hope you enjoyed this article and understood the steps to assign custom and pre-defined roles to Domain Users. Please feel free to leave your comments and suggestions in the comment section.