There have been so many new features and enhancements on vSphere 6, that
sometimes we did not even notice the smaller ones, just like Global
Permission. This one will be particular interesting if you have vCenters in
linked-mode.
Thanks to enhanced Linked mode on vCenter 6, things are going global,
like license, roles and permissions.
Now, when creating roles, you don’t need to specify the vCenter where
this role will be created anymore, it’s Global and will be sync among all vCenters on
the same SSO Domain.
Besides roles you now have a new option; Global Permissions.
If you remember back on vSphere 5.X days, there’s no such thing.
The Global Permissions works pretty much the same way of roles and
permissions, you set up the role and the permission it would have, but instead
of giving specific permissions on each object, you set it as a Global Permission,
giving the user/group the privilege on all objects of all objects hierarchies.
Important: Use Global Permission with care and only when justified.
To set it up it’s easy:
- Go to Home/Roles ;
- Select Global Permission and click the plus sign;
- Add the user/group which will receive the permission, select the role
and don’t forget to enable the propagate option;
On my example I create a role with a privilege just to manage Alarms.
In a few seconds the privileges have been applied to both my vCenters.
Great for applying permissions widely, right ; )