Authorization Model Mapping to the
vCenter Single Sign-On
Domain

The three-level authorization model of
vCenter Server
maps to local roles and to
vCenter Single Sign-On
groups, depending on how the user authenticated. This model allows consistent security control regardless of operational context.
The authorization levels map to group and role.
Authorization Mapping
Authorization Level
vCenter Single Sign-On
Group
vCenter Server
Local Role
operator
SystemConfiguration.Administrators
operator
administrator
SystemConfiguration.Administrators
admin
superAdministrator
SystemConfiguration.BashShellAdministrators
superAdmin
When a super administrator adds user accounts, the options available include a choice of the role to assign to the new user.