In this article, we will explain how to Assign User Global Permissions using vSphere Client. How to assign permission to FQDN AD administrator user’s account to access VMware vCenter. The Global Permissions feature permits users with the Administrator role to give permissions that apply across all of the assigned roles of employees.
With global permissions, users through the Administrator role can create changes to every employee’s permission directly. Please note that utilization of the Global Permissions feature isn’t recommended. You can use global permissions to provide a user or a group privilege for all objects in all inventories in your deployment. To get more details click on Add a Global Permission.
Assign User Global Permissions
Log in with VMware vSphere Client, typing vCenter username and credentials. Click on the main menu
In the menu, click on the administrator option.
On your left-hand side, expand Access Control and then click on Global Permission. Click the Add
Under the Domain drop-down menu, select your active directory domain (jamiltech.local).
In the User/Group, enter administrator and then choose administrator.
Select Administrator under role.
Select Administrator under role.
You can see FQDN successfully added, click on administrator@vsphere.local and then choose Logout.
Enter your local domain username and password and then choose login.
Successfully Login with the active directory domain account.
How to Assign User Read-Only Permissions
I have already created a user account in Active Directory to assign permissions on vSphere objects. Here I will set read-only permission for the user name support. Or you can allow users to perform basic tasks such as powering on VM or rebooting a virtual machine.
Log in with VMware vSphere Client, select the menu tab, and click on the administrator option.
Expand Access Control, choose Global Permission, and then click ADD.
Select your active directory domain (jamilteck.local).
From the User/Group, enter a user name (for example support) the one you want to allow read-only permission.
Under role choose Read-only.
Tick the box Propagate to children and then choose ok.
We can see the Read-only user (support) successfully added, so click on the user icon and then click Logout.
Enter the local domain username and credentials and then click login.
After login in with the read-only account and checking the VM menu is hidden.
