Assigning the ‘Read-Only’ Role to a Local/Domain User to vCenter

In order to ensure that the eG agent uses one/more vCenters in the target environment to auto-discover VMs and to report statistics revealing the relative performance of the VMs (i.e., the outside view), all the tests that the agent executes should be configured with the IP address of the vCenter server to be used; also, the name and password of a user with ‘Read-only’ privileges to vCenter should be provided.

Given below are the steps to be followed for assigning the ‘Read-Only’ role to a local/domain user to vCenter:

  1. Login to a system on which the VMware Infrastructure Client is installed.
  2. Double-click on the VMware Infrastructure Client icon on your desktop.
  3. A login screen then appears (see Figure 1). To connect to the vCenter, select the IP address / Name of the vCenter, and then provide the login information. To grant access permissions to a user, you will have to login to vCenter as a user with rights to grant permissions to other users. Therefore, provide the User name and Password of such a user in the login screen.

    Figure 1 : The login screen

  4. The VMware Infrastructure Client console then opens (see Figure 2). This console has a tree-structured listing of datacenters, clusters, resource pools and ESX hosts on the left hand side and a series of tab pages on the right. Click on the top-most node of the tree in the left panel.

    Figure 2 : The VI Client console

  5. To assign ‘Read-only’ permissions to a vCenter user, first click on the Permissions tab page in the right panel (see Figure 3). The list of existing users on vCenter and the roles assigned to each of them is then displayed.

    Figure 3 : List of vCenter users and roles assigned to them

  6. Then, right-click anywhere within the tab page, and select the Add Permission option (see Figure 4). 

    Figure 4 : Selecting the Add Permission option

  7. Figure 5 then appears. Click on the Add button in Figure 5.

    Figure 5 : Clicking on the Add button

  8. Figure 6 that then appears allows you to select a local/domain user. If you want to grant a local user the right to View and stop sessions, just select <servers> from the Domain list. All valid users to the Windows system hosting the vCenter will then be listed in the Users and Groups section in Figure 6. Select one from this list (see Figure 6). To grant the same privilege to a domain user, select the domain from the Domain list, and then select a domain user from the Users and Groups section (not shown in Figure 6).

    Figure 6 : Selecting the user for whom a role is to be assigned.

  9. Upon double-clicking a user name in the Users and Groups list, the selected user name will appear against the Users box, as depicted by Figure 6.
  10. Then, click the ok button in Figure 6. Figure 7 then appears, where you will find the selected user name displayed in the Users and Groups section. To assign the read-only role to this user, select the Read-Only option from the Assigned Role list in Figure 7, and click the ok button therein.

    Figure 7 : Assigning the Read-Only role to the user

  11. Figure 8 then appears indicating the role assigned to the newly created user.

Figure 8 : The new user and the role assigned to the user being displayed