HostLocalAccountManager

is used to create and manage user accounts on ESXi systems. Authenticated users can view objects or invoke operations on the server depending on the permissions associated with their account. See Managing ESXi Users with HostLocalAccountManager.

AuthorizationManager

protects vSphere components from unauthorized access. Access to components is role-based: Users are assigned roles that encompass the privileges needed to view and perform operations on vSphere objects.

AuthorizationManager

has operations for creating new roles, modifying roles, setting permissions on entities, and handling the relationship between managed objects and permissions.

UserDirectory

provides a look-up mechanism that returns user-account information to

AuthorizationManager

or to another requestor, such as a client application. See Obtaining User and Group Information from UserDirectory.

SessionManager

provides an interface to the authentication infrastructure on the target server system (see Authenticating Users Through SessionManager).

For vCenter Server systems,
SessionManager
supports single sign-on based on SSO tokens obtained from a VMware SSO Server. See Establishing a Single Sign-On Session with a vCenter Server.
For ESXi systems,
SessionManager
supports authenticating user accounts as defined on the host system, such as accounts created using vSphere Client or accounts created programmatically through the
HostLocalAccountManager
API.

Even if a user is authorized to perform operations on a vSphere object, the operation fails if the licenses for the host or the feature have not been assigned. You use

LicenseManager

and

LicenseAssignmentManager

to manage the licenses. See Managing Licenses with LicenseManager.