in blueprint - 24 Dec, 2015
by mordi
VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.1 – Part 1

In this post we will follow the guidelines from the VMware VCP6-DCV blueprint.

This post will include only some of the objectives, and I will continue in the next post.

Below are the objectives for this post, taken from the VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert

Objective 1.1: Configure and Administer Role-based Access Control

  • Compare and contrast propagated and explicit permission assignments
  • View/Sort/Export user and group lists
  • Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects
  • Determine how permissions are applied and inherited in vCenter Server
  • Create/Clone/Edit vCenter Server Roles
  • Configure VMware Directory Service
  • Apply a role to a User/Group and to an object or group of objects
  • Change permission validation settings
  • Determine the appropriate set of privileges for common tasks in vCenter Server
  • Compare and contrast default system/sample roles
  • Determine the correct permissions needed to integrate vCenter Server with other VMware products

 

Compare and contrast propagated and explicit permission assignments

If we look at page 114 of the VMware vSphere Security document, under the topic “Understanding Authorization in vSphere”, we can get a better understanding of authorization in vSphere.

Basically, we need to understand that vSphere 6.0 allows a privileged user or group (such as Administrator) to give other users permissions to perform tasks in the following ways:

vCenter Server Permissions: The permission model for vCenter Server systems relies on assigning permissions to objects in the object hierarchy of that vCenter Server. Each permission gives one user or group a set of privileges, that is, a role for a selected object.

Global Permissions: Global permissions are applied to a global root object that spans solutions.

Group Membership in vsphere.local Groups: The user administrator@vsphere.local can perform tasks that are associated with services included with the Platform Services Controller (PSC). In addition, members of a vsphere.local group can perform the corresponding task.

ESXi Local Host Permissions: When managing a standalone ESXi host that is not managed by a vCenter Server system, you can assign one of the predefined roles to users.
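To make the propagated versus explicit distinction concrete, here is an added example (not from the original post or from VMware) that models vCenter Server permissions as (principal, role, object, propagate) entries and resolves which one applies to an object. It goes beyond the text above by assuming the usual vSphere behaviour that a permission set directly on an object overrides one propagated from a parent; the inventory, user names and the `effective` helper are constructed for illustration, and group membership is not modelled.

```python
from dataclasses import dataclass

# Constructed inventory (child -> parent); names are illustrative only.
PARENT = {
    "Datacenter-A": "vCenter-root",
    "Cluster-1": "Datacenter-A",
    "esx01": "Cluster-1",
    "vm-web01": "esx01",
}

@dataclass(frozen=True)
class Permission:
    principal: str   # user or group
    role: str        # named set of privileges
    obj: str         # inventory object the permission is set on
    propagate: bool  # the "Propagate to children" setting

# Constructed sample permissions.
PERMS = [
    Permission("alice", "Read-only", "Datacenter-A", True),
    Permission("alice", "Administrator", "esx01", False),
    Permission("bob", "Read-only", "Cluster-1", False),
]

def effective(principal, obj, perms=PERMS):
    """Return (role, defined_on, kind) for principal on obj, or None.

    Simplified model: an explicit permission on the object wins;
    otherwise the nearest ancestor permission with propagate=True applies.
    """
    index = {(p.principal, p.obj): p for p in perms}
    node, first = obj, True
    while node is not None:
        p = index.get((principal, node))
        if p and (first or p.propagate):
            return (p.role, p.obj, "explicit" if first else "propagated")
        node, first = PARENT.get(node), False
    return None

def audit(principal, perms=PERMS):
    """Map every inventory object to the principal's effective permission."""
    objects = set(PARENT) | set(PARENT.values())
    return {o: effective(principal, o, perms) for o in sorted(objects)}

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for obj, result in audit(user).items():
            print(f"{user:6} {obj:13} {result}")
```

Running the audit shows why a non-propagated Administrator grant on one host does not reach the virtual machines below it, while a propagated Read-only grant on the datacenter does.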


View/Sort/Export user and group lists

This is kinda funny, I am not sure what question we are going to get in the exam regarding this :-)

To get to the users and groups screen: from vCenter >> Administration >> under SSO >> Users and Groups.

See the annotation in the picture below: user_groups

 


 

Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects

To add, modify, or remove a permission for a user or group on a vCenter inventory object, you will need to:

  • Choose the object; in the picture below we chose esx0.vshere6lab.local
  • Click on Manage and then click on Permissions
  • From there you can add (+), edit (pencil), or remove (x)

view_mod

 


 

Determine how permissions are applied and inherited in vCenter Server

 

vsphere_Permission

Source: VMware vSphere Security document

 

vsphere_inh

Source: VMware vSphere Security document

 
