Who Can Perform
Cryptographic Operations
Only users who are assigned the
Cryptographic Operations privileges can perform cryptographic operations. The
privilege set is fine grained; see the
vSphere Security
guide. The default
Administrator system role includes all Cryptographic Operations privileges. A
new system role, No Cryptography Administrator, supports all Administrator
privileges except for the Cryptographic Operations privileges.
You can create additional custom roles, for
example, to allow a group of users to encrypt virtual machines but to prevent
them from decrypting virtual machines.
For a full list of privileges, see the section
“Cryptographic Operations Privileges” in the
vSphere Security
manual.