In this post we are going to continue with Section 1, Objective 1.1 from the VCP-DCV blueprint.
Create/Clone/Edit vCenter Server Roles
From Home, click Roles. You can create, clone, and edit server roles, but you cannot modify the Administrator, Read Only, No Access, and Tagging Admin roles; the rest can be modified.
Configure VMware Directory Service
See my post on adding vCenter to AD: http://vpentathlon.com/joining-vcenter6-to-my-lab-active-directory/
Apply a role to a User/Group and to an object or group of objects
Nothing new from the previous post about permissions.
Change permission validation settings
That was tricky to find 🙂. I looked at the VMware doc and it is not pointing to the right place. vCenter Server periodically validates its user and group lists against the users and groups in the user directory. It then removes users or groups that no longer exist in the domain. You can disable validation or change the interval between validations.
From Home, click vCenter Inventory Lists >> vCenter Servers >> your vCenter >> Settings >> General >> Edit >> User directory.
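The same settings can be read from PowerCLI, together with a manual version of the validation check. This is an added example, not part of the original post; it assumes an existing `Connect-VIServer` session, the RSAT ActiveDirectory module, and a placeholder domain name `LAB` that you replace with your own.

```powershell
# Added example: PowerCLI plus the RSAT ActiveDirectory module (assumed installed).
# Assumes Connect-VIServer has already been run against your vCenter.
Import-Module ActiveDirectory

$vc       = $global:DefaultVIServer
$adDomain = 'LAB'   # placeholder: NetBIOS name of the AD domain joined to vCenter

# 1. Read the settings behind Settings >> General >> User directory.
#    ads.checkIntervalEnabled: validation on/off; ads.checkInterval: period in minutes.
Get-AdvancedSetting -Entity $vc -Name 'ads.checkInterval*' |
    Select-Object Name, Value

# 2. Do by hand what validation does: find permissions whose AD principal is gone.
$stale = foreach ($perm in Get-VIPermission) {
    # Principals are stored as DOMAIN\name; split once on the backslash.
    $domain, $name = $perm.Principal -split '\\', 2
    if ($domain -ne $adDomain -or -not $name) { continue }   # skip SSO/local principals

    # Escape single quotes so the name cannot break the AD filter string.
    $filter = "SamAccountName -eq '{0}'" -f $name.Replace("'", "''")
    if ($perm.IsGroup) {
        $found = Get-ADGroup -Filter $filter
    } else {
        $found = Get-ADUser -Filter $filter
    }

    # Report only; nothing is removed by this script.
    if (-not $found) {
        [pscustomobject]@{
            Principal = $perm.Principal
            Role      = $perm.Role
            Entity    = $perm.Entity.Name
            Propagate = $perm.Propagate
        }
    }
}

$stale | Format-Table -AutoSize
```

Any rows returned are permissions that the next validation run would remove, or that will linger if validation is disabled.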
Determine the appropriate set of privileges for common tasks in vCenter Server
The long list that you need to memorize for the exam is in the VMware Security document, pages 128-129.
Note to self: come up with a system to remember this and update blog
Below are screenshots from the VMware doc.
Compare and contrast default system/sample roles
System roles: System roles are permanent. You cannot edit the privileges associated with these roles.
Sample roles: VMware provides sample roles for certain frequently performed combinations of tasks. You can clone, modify or remove these roles.
Determine the correct permissions needed to integrate vCenter Server with other VMware products
For other VMware products you will need to use Global Permissions.
From the VMware Security document: "Global permissions are applied to a global root object that spans solutions.
For example, if both vCenter Server and vCenter Orchestrator are installed,
you can give permissions to all objects in both object hierarchies using global