VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.1 – Part 2


In this post we are going to continue with section 1, Objective 1.1, from the VCP-DCV blueprint.

Create/Clone/Edit vCenter Server Roles

From Home, click on Roles. You can create, clone and edit server roles, but you cannot modify the Administrator, Read Only, No access and Tagging admin roles; the rest can be modified.



Configure VMware Directory Service

See my post regarding adding vCenter to AD:

Apply a role to a User/Group and to an object or group of objects

Nothing new from the previous post about permissions.

Change permission validation settings

That was tricky to find 🙂. I looked at the VMware doc and it is not pointing to the right place. vCenter Server periodically validates its user and group lists against the users and groups in the user directory. It then removes users or groups that no longer exist in the domain. You can disable validation or change the interval between validations.

From Home, click on vCenter Inventory Lists >> vCenter Servers >> your vCenter >> Settings >> General >> Edit >> User directory





Determine the appropriate set of privileges for common tasks in vCenter Server

The long list that you need to memorize for the exam is in the VMware Security document, pages 128-129.

Note to self: come up with a system to remember this and update blog.

Below are screenshots from the VMware doc.

Source: VMware vSphere Security document



Compare and contrast default system/sample roles

System roles: System roles are permanent. You cannot edit the privileges associated with these roles.
Sample roles: VMware provides sample roles for certain frequently performed combinations of tasks. You can clone, modify or remove these roles.
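
The same distinction can be seen from PowerCLI. This is an added example, not part of the original post; it assumes VMware PowerCLI is installed, and the server, role, folder and group names are placeholders. It lists which roles are system roles, clones a sample role, trims one privilege from the clone and applies it to a group on a folder.

```powershell
# Added example. Placeholders (assumptions): vcenter.example.local,
# Example-VM-Operator, Example-App-VMs, EXAMPLE\vm-operators.
Connect-VIServer -Server 'vcenter.example.local'

# System roles report IsSystem = True and cannot be edited;
# everything else (sample and custom roles) can be cloned, modified or removed.
Get-VIRole | Sort-Object IsSystem, Name |
    Format-Table Name, IsSystem, @{ n = 'Privileges'; e = { $_.PrivilegeList.Count } }

# "Clone" a sample role: create a new role carrying the same privileges.
$source = Get-VIRole -Name 'VirtualMachinePowerUser'
$clone  = New-VIRole -Name 'Example-VM-Operator' -Privilege (Get-VIPrivilege -Role $source)

# Edit the clone (never the original): drop a privilege the team does not need.
$unwanted = 'VirtualMachine.State.RemoveSnapshot'
if ($clone.PrivilegeList -contains $unwanted) {
    $clone = Set-VIRole -Role $clone -RemovePrivilege (Get-VIPrivilege -Id $unwanted)
}

# Apply the role to a group on one object and let it propagate to child objects.
$folder = Get-Folder -Name 'Example-App-VMs'
New-VIPermission -Entity $folder -Principal 'EXAMPLE\vm-operators' -Role $clone -Propagate:$true

# Verify what is actually assigned on that object.
Get-VIPermission -Entity $folder | Format-Table Principal, Role, Propagate

Disconnect-VIServer -Confirm:$false
```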




Determine the correct permissions needed to integrate vCenter Server with other VMware product

For other VMware products you will need to use Global Permissions.

From the VMware Security document: "Global permissions are applied to a global root object that spans solutions.
For example, if both vCenter Server and vCenter Orchestrator are installed,
you can give permissions to all objects in both object hierarchies using global



