sidebar | permalink | keywords | summary |
---|---|---|---|
sidebar |
vcenter-plugin/san-spvc-ic-user-access.html |
user access vCenter plugin, user roles vCenter plugin, privileges vCenter plugin, access permissions vCenter plugin |
Configure access permissions for Storage Plugin for vCenter. |
You can configure access permissions for the Storage Plugin for vCenter, which includes users, roles, and privileges.
To access the plugin within the vSphere Client, you must be assigned to a role that has the appropriate vSphere privileges. Users with the “Configure datastore” vSphere privilege have read-write access to the plugin, while users with the “Browse datastore” privilege have read-only access. If a user has neither of these privileges, the plugin displays an “Insufficient Privileges” message.
Plugin access type | vSphere privilege required |
---|---|
Read-Write (Configure) |
Datastore.Configure |
Read-Only (View) |
Datastore.Browse |
To provide read/write privileges for plugin users, you can create, clone, or edit a role. For more information about configuring roles in the vSphere Client, see the following topic in the VMware Doc Center:
-
From the home page of the vSphere Client, select Administrator from the access control area.
-
Click Roles from the access control area.
-
Perform one of the following actions:
-
Create new role: Click on the Create Role action icon.
-
Clone role: Select an existing role and click on the Clone Role action icon.
-
Edit existing role: Select an existing role and click on the Edit Role action icon.
-
Note
|
The Administrator role is not editable. |
The appropriate wizard appears, depending on the above selection.
-
In the Privileges list, select the access permissions to assign to this role.
To allow Read-Only access to the plugin, select Datastore › Browse datastore. To allow Read-Write access, select Datastore › Configure datastore.
-
Assign other privileges for the list if needed, and then click Next.
-
Name the role and provide a description.
-
Click Finish.
-
Name the role and provide a description.
-
Click OK to finish the wizard.
-
Select the cloned role from the list, and then click on Edit Role.
-
In the Privileges list, select the access permissions to assign to this role.
To allow Read-Only access to the plugin, select Datastore › Browse datastore. To allow Read-Write access, select Datastore › Configure datastore.
-
Click Next.
-
Update the name and description, if desired.
-
Click Finish.
-
In the Privileges list, select the access permissions to assign to this role.
To allow Read-Only access to the plugin, select Datastore › Browse datastore. To allow Read-Write access, select Datastore › Configure datastore.
-
Click Next.
-
Update the name or description, if desired.
-
Click Finish.
After setting privileges for a role, you must then add a permission to the vCenter Server Appliance. This permission allows a given user or group access to the plugin.
-
From the menu dropdown list, select Hosts and Clusters.
-
Select the vCenter Server Appliance from the access control area.
-
Click the Permissions tab.
-
Click the Add Permission action icon.
-
Select the appropriate domain and user/group.
-
Select the role created that allows for the read/write plugin privilege.
-
Enable the Propagate to Children option, if needed.
-
Click OK.
Note
|
You can select an existing permission and modify it to use the created role. However, be aware that the role must have the same privileges along with read/write plugin privileges as to avoid a regress in permissions. |
To access the plugin, you must log in to the vSphere Client under the user account that has the read/write privileges for the plugin.
For more information about managing permissions, see the following topics in the VMware Doc Center: