Assigning the ‘Read-Only’ Role to a Local/Domain User to vCenter

In order to ensure that the eG agent uses one/more vCenters in the target environment to auto-discover VMs and to report statistics revealing the relative performance of the VMs (i.e., the outside view), all the tests that the agent executes should be configured with the IP address of the vCenter server to be used; also, the name and password of a user with ‘Read-only’ privileges to vCenter should be provided.

Given below are the steps to be followed for assigning the ‘Read-Only’ role to a local/domain user to vCenter:

  1. Login to a system on which the VMware Infrastructure Client is installed.
  2. Double-click on the VMware Infrastructure Client icon on your desktop.
  3. A login screen then appears (see Figure 302). To connect to the vCenter, select the IP address / Name of the vCenter, and then provide the login information. To grant access permissions to a user, you will have to login to vCenter as a user with rights to grant permissions to other users. Therefore, provide the User name and Password of such a user in the login screen.

    Figure 302 : The login screen

  4. The VMware Infrastructure Client console then opens (see Figure 303). This console has a tree-structured listing of datacenters, clusters, resource pools and ESX hosts on the left hand side and a series of tab pages on the right. Click on the top-most node of the tree in the left panel.

    Figure 303 : The VI Client console

  5. To assign ‘Read-only’ permissions to a vCenter user, first click on the Permissions tab page in the right panel (see Figure 304). The list of existing users on vCenter and the roles assigned to each of them is then displayed.

    Figure 304 : List of vCenter users and roles assigned to them

  6. Then, right-click anywhere within the tab page, and select the Add Permission option (see Figure 305). 

    Figure 305 : Selecting the Add Permission option

  7. Figure 306 then appears. Click on the Add button in Figure 306.

    Figure 306 : Clicking on the Add button

  8. Figure 307 that then appears allows you to select a local/domain user. If you want to grant a local user the right to View and stop sessions, just select <servers> from the Domain list. All valid users to the Windows system hosting the vCenter will then be listed in the Users and Groups section in Figure 307. Select one from this list (see Figure 307). To grant the same privilege to a domain user, select the domain from the Domain list, and then select a domain user from the Users and Groups section (not shown in Figure 307).

    Figure 307 : Selecting the user for whom a role is to be assigned.

  9. Upon double-clicking a user name in the Users and Groups list, the selected user name will appear against the Users box, as depicted by Figure 307.
  10. Then, click the ok button in Figure 307. Figure 308 then appears, where you will find the selected user name displayed in the Users and Groups section. To assign the read-only role to this user, select the Read-Only option from the Assigned Role list in Figure 308, and click the ok button therein.

    Figure 308 : Assigning the Read-Only role to the user

  11. Figure 309 then appears indicating the role assigned to the newly created user.

Figure 309 : The new user and the role assigned to the user being displayed