Monday, August 11, 2014

VIN guest operating system management: limited permissions for vcenter server

vCenter Infrastructure Navigator has a single account which it uses to access VMs.
This is set within vCenter Server's infrastructure navigator screen.

I wanted to limit which datacenters inside vCenter Server VIN would be able to see as the functions this account can perform.

Resolution:

Create a guest operating system management role within vCenter Server with minimal privileges for VIN:

  • Navigate to administration
  • Select roles
  • Click add roles
  • Enable the following with checkbox:
    • Virtual machine > Interaction -> Guest operating system management by VIX API 
    • Virtual machine > Interaction -> Console interaction
  • Provide role name

  • On the vCenter entity root level click manage tab
  • Select permissions and add
  • Select user and assign the newly create limited VIN role.


This will provide the necessary privileges to enable the discovery process for user selected.

In my case I also did not want this service account to view my vCloud director datacenter so I added the user to the datacenter permissions with "no access" role.

From inventory menu select Infrastructure navigator.
Select settings tab
Here you can now set the new user account.
Make sure to enable access to VMs