System Roles

Administrator

-1

Superuser access. Encompasses the set of all defined privileges. This role cannot be deleted. By default, the Administrator role is granted to the user or group that owns the root node.

Anonymous

-4

Cannot be granted. Default access role associated with any user account that has logged in.

No Access

-5

No access. Explicitly denies access to the user or group with this role. Assigning this role to a user account prevents the user from seeing any objects. Use the

No Access

role to mask subobjects under a higher-level object that has propagated permissions defined.

Read-Only

-2

Read-only access. Encompasses the set of all nonmutable privileges. (

System.Anonymous

,

System.Read

, and

System.View

). Equivalent to a user role with no permissions. Users with this role can read data or properties and call query methods, but cannot make changes to the system.

View

-3

Visibility access consisting of

System.Anonymous

and

System.View

privileges. Cannot be granted.

Sample Roles

Virtual Machine Administrator

1

Set of privileges necessary to manage virtual machines and hosts within the system.

Datacenter Administrator

2

Set of privileges necessary to manage resources, but not interact with virtual machines.

Virtual Machine Provider

3

Set of privileges necessary to provision resources.

Virtual Machine Power User

4

Set of privileges for a virtual machine user that can also make configuration changes and create new virtual machines.

Virtual Machine User

5

Set of privileges necessary to use virtual machines only. Cannot reconfigure virtual machines.

ResourcePool Administrator

6

Available on vCenter Server systems only.

VMware Consolidated Backup Utility

7

Available on vCenter Server systems only. Set of privileges necessary to run the Consolidated Backup Utility.