vSphere 6.x Roles

The vSphere role category contains the following roles: 

  • ASC_BasicLogin
  • ASC_BackupAdmin
  • ASC_VMUser
  • ASC_VMPowerUser
  • ASC_VIAdminUser
  • ASC_StorageAdmin
  • ASC_ESXAdmin
  • ASC_DCAdmin
  • ASC_NetworkAdmin

CloudControl Role

Description

Backup Administrator

(ASC_BackupAdmin)

Users with the ASC_BackupAdmin role can back up and restore virtual machines (guests).

Basic Login

(ASC_BasicLogin)

Users with the ASC_BasicLogin role can perform some basic operations, such as login.

Datacenter Administrator
(ASC_DCAdmin)

Users with the ASC_DCAdmin role can set up VMware vCenter Server data centers and perform actions on all resources within virtual datacenters.

ESXi Maintenance Administrator
(ASC_ESXMAdmin)

Users with the ASC_ESXMAdmin role can install patches, change ESXi host configurations, and reboot ESXi hosts. They can also perform ESXi host maintenance (use SSH, change configuration, reboot, configure SSL, Virtual Resource Pools management) and CloudControl configuration, assessment, and remediation (ARC). These users have no virtual machine privileges.

Network Administrator
(ASC_NetworkAdmin)

Users with the ASC_NetworkAdmin role can manage virtual switches, network resource pools, VLANs, and other network configuration settings.

Storage Administrator

(ASC_StorageAdmin)

Users with the ASC_StorageAdmin role can define VMFS volumes and mapping to LUNs including masking and zoning. They an define iSCSI access paths, manage NFS volumes, manage HSM and data retention, administor storage and disk replacement, manage backups, manage datastores and datestore clusters, and perform datastore copy, move, rename, upload and download operations in datastore files.

Virtual Infrastructure Administrator

(ASC_VIAdmin)

Users with the ASC_VIAdmin role can perform virtual infrastructure operations including configuring DRS and VMware HA, initiate VMotion, assign hosts to resource pools, and Virtual Resource Pools and guest aliases management. They have limited privileges on ESXi hosts.

Virtual Machine Power User

(ASC_VMPowerUser)

Users with the ASC_VMPowerUser role can perform actions on virtual machines and resource objects, including view and change most virtual machine configuration settings, guest alias management, take snapshots, and schedule tasks. These users have all privileges for scheduled task privileges group, and selected privileges for global items, datastore, and virtual machine privileges groups. However, they do not have privileges for folder, datacenter, network, host, resource, alarms, sessions, performance, and permissions privileges groups.

Virtual Machine User (ASC_VMUser)

Users with the ASC_VMUser role can interact with virtual machines, but not change the virtual machine configuration. They have full privileges for the scheduled task privileges group and selected privileges for the global items and virtual machine privileges groups. However, they do not have privileges for folder, datacenter, datastore, network, host, resource, alarms, sessions, performance, and permissions privileges groups.