Permissions and Access control with vSphere ESXi 5.0

Today, on my standalone ESXi host; I needed a local user who could Shutdown the ESXi host. The requirement was other than shutdown or reboot, the user should not be able to do anything else. To achieve this you will need a local ESXi user assigned with a custom role.

Here’s how we do it:

  1. Add a local ESXi user:
    – Select your ESXi host in the left hand side “Tree View”
    – Select “Local Users & Groups” tab from right hand side “Tab View”
    – Right Click and select “Add …”Add User Window
  2. Go to the roles panes using the shortcut “Ctrl + Shift + R”
  3. From menu select ‘Administration’ –> ‘Role’ –> ‘Add …’Add A New Role
  4. Give a name to the new role say: ‘ESX Maintenance’
  5. In ‘Edit Role …’ windows, select the following permissions:
    ‘Host’ –> Configuration –> ‘Maintenance’
    What Priviledges to select for Shutdown permission
  6. And select OK.
  7. Now assign this role to user on the ESXi Host:
    – Select your ESXi host in the left hand side “Tree View”
    – Select “Permissions” tab from right hand side “Tab View”
    – Right Click and select Add Permission …”Assign Permissions
  8. In the “Assign Permissions” window, select Add button
    – In the “Select Users & Groups” windows, select your local ESXi user
    – And click Add

    Select Users & Groups

  9. Now verify the user has got assigned the correct role:
    – Go to the roles panes using the shortcut “Ctrl + Shift + R”
    – Select your role and verify it has been assigned on the “ha-root-folder”

    Role Map

  10. That’s it. Verify you can login and shutdown your ESXi host.
Advertisements

One thought on “Permissions and Access control with vSphere ESXi 5.0

  1. Hello

    Thanks for a great article.
    However I found that I needed to add more roles.
    I needed to add “Virtual Machine” -> “Interaction” -> “Reset” & “Power On” & “Power Off”.
    I also added Suspend in my use case.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s