Part 1

Managing ESXi permissions

The vSphere access control security model

Managing host access control

No Access: cannot access

Read-Only: read only

Administrator: administrator

Introduction to the three default host roles

No Access: The No Access role works as the name suggests. This role prevents access to an object or objects in the inventory. The No Access role can be used if a user was granted access higher up in the inventory. The No Access role can also be used at lower-level objects to prevent object access. For example, if a user is granted permissions at the ESX/ESXi host but should be prevented access to a specific virtual machine, you could use the No Access role on that specific virtual machine.

Read-Only: Read-Only allows a user to see the objects within the vSphere Client inventory. It does not allow the user to interact with any of the visible objects in any way. For example, a user with the Read-Only permission would be able to see a list of virtual machines in the inventory but could not act on any of them.

Administrator: The Administrator role has the utmost authority, but it is only a role, and it needs to be assigned using a combination of a user or group object and an inventory object such as a virtual machine.

Creating a role (VM operator)

Creating a local group on the host
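The following PowerCLI session is an added example, not part of the original notes: it builds the "VM operator" role described above, grants it at the host level, and then uses the built-in NoAccess role on one VM to show that a permission set on a lower-level object overrides the one inherited from the host. The vCenter name, host name, VM name and the principal 'VSPHERE.LOCAL\vm-operators' are placeholders.

```powershell
# Added example, not from the original notes. Placeholders: vcenter.example.com,
# esxi01.example.com, the VM 'finance-db' and the principal 'VSPHERE.LOCAL\vm-operators'.
Connect-VIServer -Server 'vcenter.example.com'

# 1. A custom role holding only the privileges a VM operator needs (power and
#    console operations); nothing in it touches host configuration.
$privs = Get-VIPrivilege -Id 'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Interact.ConsoleInteract'
New-VIRole -Name 'VM Operator' -Privilege $privs

# 2. Grant the role at the host. Propagate makes it apply to every VM below the host.
$vmHost = Get-VMHost -Name 'esxi01.example.com'
New-VIPermission -Entity $vmHost -Principal 'VSPHERE.LOCAL\vm-operators' -Role 'VM Operator' -Propagate:$true

# 3. Block the same principal on one sensitive VM with the built-in NoAccess role.
#    This explicit assignment on the child object wins over the inherited grant.
$vm = Get-VM -Name 'finance-db'
New-VIPermission -Entity $vm -Principal 'VSPHERE.LOCAL\vm-operators' -Role 'NoAccess' -Propagate:$false

# 4. Review what is actually assigned on the VM; the NoAccess entry is the one enforced.
Get-VIPermission -Entity $vm | Select-Object Principal, Role, Propagate

Disconnect-VIServer -Server 'vcenter.example.com' -Confirm:$false
```

Local ESXi groups are not created here: a vCenter-managed host normally gets its principals from vCenter Single Sign-On, and the script assumes the group already exists there.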

About vpxuser

By default, when ESX/ESXi is installed, the only user that exists is the root user, and root has full administrative permissions to the entire server. This default set of permissions changes when an ESX/ESXi host is managed by vCenter Server. The process of adding a host to vCenter Server adds an agent (the vCenter Server agent) and an additional service console account called vpxuser. The vpxuser account has a 32-character, complex, randomly generated password and is also granted membership in the Administrator role on an ESX/ESXi host. This assignment enables the vCenter Server service to carry out tasks on the ESX/ESXi hosts in the inventory. (This is the account used to manage all ESXi hosts; it is the administrator account added when an ESXi host is added to vCenter.)

Using resource pools to assign permissions