Cryptography Privileges and Roles

By default, the user with the vCenter Server Administrator role has all Cryptographic Operations privileges. You can assign the No cryptography administrator role to all vCenter Server administrators who do not need cryptographic privileges.

The user with the vCenter Server Administrator role has all privileges by default. You can assign the No cryptography administrator role to vCenter Server users who do not need Cryptographic Operations privileges. The No cryptography administrator lacks the following privileges for cryptographic operations:

Add Cryptographic Operations privileges

Global.Diagnostics

Host.Inventory.Add host to cluster

Host.Inventory.Add standalone host

Host.Local operations.Manage user groups

To further limit what users can do, you can clone the No cryptography administrator role and create a custom role with only some of the Cryptographic Operations privileges. For example, you can create a role that allows users to encrypt but not to decrypt virtual machines, or that does grant privileges for management operations. See the

vSphere Security

manual for details.

Prerequisites and Required Privileges for Encryption Tasks

Content feedback and comments

VMware vSphere SDKs and Tools 6.7

Cryptography Privileges and Roles