facebooktwitteryoutube
Home About VCP Virtual Home Lab VCP6 Study Guide VCAP6-DCV Deploy Study guide VCAP6 – DCV Design Collection
in blueprint - 24 Dec, 2015
by mordi - no comments
VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.1 – Part 2

In this post we are going to continue with section 1 Objective 1.1 from the VCP-DCV blue print.

Create/Clone/Edit vCenter Server Roles

From home click on roles you can create/clone/edit server roles but you cannot modify the Administrator/Read Only/No access and Tagging admin , the reset can be modified 

role

 


Configure VMware Directory Service

see my post regarding adding vCenter to AD : http://vpentathlon.com/joining-vcenter6-to-my-lab-active-directory/


Apply a role to a User/Group and to an object or group of objects

nothing new from the previous post about permissions


Change permission validation settings

That was tricky to find 🙂 , i looked at the VMware doc and it not pointing to the right place.  vCenter Server periodically validates its user and group lists against the users and groups in the user directory. It then removes users or groups that no longer exist in the domain. You can disable validation or change the interval between validations.

from Home  click on vCenter Inventory lists >> vCenter Servers >> your vCenter >>Settings >>General >> Edit >> User directory

validation

 


 

 

Determine the appropriate set of privileges for common tasks in vCenter Server

The long list that need to memorize for the exam are in the VMware Security document page 128-129

Note to Self:come up with a system to remember this and update blog

below are screenshots from the VMware doc.

priv1

Source: VMware vSphere Security document

priv2

Source: VMware vSphere Security document

 


 

Compare and contrast default system/sample roles

System roles System roles are permanent. You cannot edit the privileges associated with these roles.
Sample roles VMware provides sample roles for certain frequently performed combination of tasks. You can clone, modify or remove these roles.

sample

 


 

Determine the correct permissions needed to integrate vCenter Server with other VMware product

for other WMware product you will need to use Global Permission .

From VMware Security document :” Global permissions are applied to a global root object that spans solutions.
For example, if both vCenter Server and vCenter Orchestrator are installed,
you can give permissions to all objects in both object hierarchies using global
permissions.”

 

 

 

Leave a Reply