Data Center Virtualization Certification：VCP6.5-DCV Exam Guide

上QQ阅读APP看书，第一时间看更新

Compare and contrast default system/sample roles

As described in the Creating/cloning/editing vCenter Server roles section, there are two different types of predefined roles:

System roles (cannot be modified or deleted):
- Administrator role: With this role, you can correspond to all privileges. By default, users with this role are the SSO administrator, the vCenter root (or administrator) user, and ESXi vpxuser (used by the vCenter agent).
- No cryptography administrator role: This role has the same privileges as the administrator role, except for cryptographic operations privileges. This means that users cannot encrypt or decrypt VMs, or access encrypted data.
- Read-only role: With this role, it's possible to view the details of the object, but it's not possible to change anything.
- No access role: With this role, it's not possible to view or change the object in any way. By default, new users and groups are assigned to this role.
Sample roles (can be cloned, modified, or removed):
- VM administrator: This role allows for complete and total control of a VM, including some related host operations.
- VM power user: This role grants rights only to a VM, including changing the settings or creating snapshots.
- VM user: This role grants access rights exclusively to VMs, with limited functions, such as powering on, powering off, or resetting the VM, or running media from the virtual discs.
- Resource pool administrator: This role is permitted to create resource pools and assign those pools to VMs.
- Data center administrator: This role permits adding new data center objects.
- VMware consolidated backup user: This role is required for the old VCB framework, but is a good starting point for other backup products.
- Data store consumer: This role allows using space on a data store.
- Network consumer: This role allows assigning a network to a VM or a host.

For more details, see Table 1.2 or the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-18071E9A-EED1-4968-8D51-E0B4F526FDA3.html).