Viewing Role Assignments

Once a role, custom or otherwise is in use – its possible to view the assignment from >Home >Roles and selecting the role. From there you can see the name of the role, where it has been assigned in the vCenter inventory and which Active Directory groups have been assigned to the role.

Removing Roles

From the role interface it is possible to delete a role. Care must be taken at this point because deleting a role will also remove all its assignments. In previous editions of vSphere this wasn’t possible – and it was a requirement for first remove any roles assigned to inventory objects before removing the role.

No Access Privilege

In the best of all possible worlds roles are assigned in the vCenter Inventory and inherited down the tree structure. Occasionally, however a group or user may require less privileges or indeed no priveleges at all. For this purpose the “No Access” privelege can be used to block inheritence. For example, in this case the user MikeL who is member of the vCenter Admins group has access to the entire vCenter Inventory as this group was granted rights to the entire vCenter instance.

For more information on Role Assignments – See the VMUG wiki…