I’ve been evaluating a data protection solution in the lab recently and wanted to create a custom role in vCenter for the solution to use. It’s a basic thing, but if you don’t do it often it might not be that obvious where to click. The VMware documentation site has more information on creating a custom role as well.

Why would you do this? In the same way it’s a bad idea to give every service Domain Administrator privileges, it’s also a bad idea to give your data protection solutions elevated privileges in your environment. If you’re into that kind of thing, read this guidance on roles and permissions too.

In this example, I created a “CohesityTest” user as a domain user in Active Directory. I then wanted to assign that user to a custom role in vCenter and assign it certain privileges. I’m using vCenter 6.5 with the Web Client. The process is as follows.
Go to the Home screen in vCenter and click on “Administration”.
In this example, I’ve already created a Role called Cohesity (following the instructions above) and assigned privileges to that Role.
Click on “Global Permissions” and then click on the green plus sign.
I want to add a user to a role. Click on “Add”.
The user I want to add is a domain user, so I use the drop-down box to select the domain the user resides in.
Typing “coh” into the search field yields the only user with those letters in their name.
Once the user is selected, you can click on “Add” and then “OK”.
Make sure the user has the appropriate Role assigned. In this example, I’m assigning the CohesityTest user to the Cohesity Role and propagating these changes to child objects. Click “OK”. And then you’re done.
To check your role has the correct privileges, click on “Roles”, “Role Name”, and then “Privileges” and you can expand the items to check the correct privileges are assigned.
Once I’d done this I went back and re-added the vCenter to the Cohesity environment using the CohesityTest user and I was good to go.
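The privilege check in the “Roles” step can also be scripted, which makes it easy to repeat after upgrades or role edits. This is an added example, not part of the original post and not Cohesity's or VMware's own code: it uses VMware PowerCLI to compare the Cohesity role against an expected privilege list. The server name and the expected list are constructed placeholders, so substitute the list from your vendor's documentation.

```powershell
# Added example: audit a vCenter role's privileges with VMware PowerCLI.
# $vCenter and $expected are constructed placeholders, not values from the post.
$vCenter  = 'vcenter.example.local'
$roleName = 'Cohesity'            # role name used in the post

# Constructed sample list of vSphere privilege IDs. Replace it with the list
# your data protection vendor documents. The System.* entries are in every role.
$expected = @(
    'System.Anonymous', 'System.Read', 'System.View',
    'VirtualMachine.State.CreateSnapshot',
    'VirtualMachine.State.RemoveSnapshot',
    'VirtualMachine.Provisioning.DiskRandomRead'
)

# Prompts for credentials if none are cached for this server.
Connect-VIServer -Server $vCenter -ErrorAction Stop | Out-Null
try {
    $role   = Get-VIRole -Name $roleName -Server $vCenter -ErrorAction Stop
    $actual = @($role.PrivilegeList)

    # Privileges the role holds beyond the expected list, and expected ones it lacks.
    $extra   = @($actual   | Where-Object { $_ -notin $expected })
    $missing = @($expected | Where-Object { $_ -notin $actual })

    "Role '$roleName' holds $($actual.Count) privileges."
    if ($extra.Count) {
        'Granted but not expected (candidates for removal):'
        $extra | Sort-Object | ForEach-Object { "  + $_" }
    }
    if ($missing.Count) {
        'Expected but not granted:'
        $missing | Sort-Object | ForEach-Object { "  - $_" }
    }
    if (-not $extra.Count -and -not $missing.Count) {
        'Role matches the expected list exactly.'
    }
}
finally {
    # Always drop the session, even if the role lookup failed.
    Disconnect-VIServer -Server $vCenter -Confirm:$false
}
```

The script only reads the role definition; it does not change any privileges or permissions.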