ESX Virtualization

VMware ESXi, vSphere, VMware Backup, Hyper-V... how-to, videos....

Nakivo Backup and Replication - #1 Backup solution for Virtual, physical, cloud, NAS and SaaS

Menu
  • Certification
      • VCP-DCV vSphere 8
          • vcp2024-125.
        • Close
    • Close
  • VMware
    • Configuration Maximums
    • vSphere
      • vSphere 8.0
      • vSphere 7.0
      • vSphere 6.7
      • vSphere 6.5
      • vSphere 6.0
      • Close
    • VMworld
      • VMware EXPLORE 2024
      • VMware EXPLORE 2023
      • VMware EXPLORE 2022
      • VMworld 2019
      • VMworld 2018
      • VMworld 2017
      • VMworld 2016
      • VMworld 2015
      • VMworld 2014
      • VMworld 2013
      • VMworld 2012
      • VMworld 2011
      • Close
    • Close
  • Microsoft
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Close
  • Categories
    • Tips – VMware, Microsoft and General IT tips and definitions, What is this?, How this works?
    • Server Virtualization – VMware ESXi, ESXi Free Hypervizor, VMware vSphere Server Virtualization, VMware Cloud and Datacenter Virtualization
    • Backup – Virtualization Backup Solutions, VMware vSphere Backup and ESXi backup solutions.
    • Desktop Virtualization – Desktop Virtualization, VMware Workstation, VMware Fusion, VMware Horizon View, tips and tutorials
    • How To – ESXi Tutorials, IT and virtualization tutorials, VMware ESXi 4.x, ESXi 5.x and VMware vSphere. VMware Workstation and other IT tutorials.
    • Free – Free virtualization utilities, ESXi Free, Monitoring and free backup utilities for ESXi and Hyper-V. Free IT tools.
    • Videos – VMware Virtualization Videos, VMware ESXi Videos, ESXi 4.x, ESXi 5.x tips and videos.
    • Home Lab
    • Reviews – Virtualization Software and reviews, Disaster and backup recovery software reviews. Virtual infrastructure monitoring software review.
    • Close
  • Partners
    • NAKIVO
    • StarWind
    • Zerto
    • Xorux
    • Close
  • This Web
    • News
    • ESXi Lab
    • About
    • Advertise
    • Archives
    • Disclaimer
    • PDFs and Books
    • Close
  • Free
  • Privacy policy

VCP6.7-DCV Objective 7.12 – Setup permissions on datastores, clusters, vCenter, and hosts

By Vladan SEGET | Last Updated: October 2, 2019

Shares

Today we'll cover another objective towards VCP-DCV 2019 Certification. We have started to work on a new Study Guide that we call VCP6.7-DCV Study Guide. Today's post is about VCP6.7-DCV Objective 7.12 – Setup permissions on datastores, clusters, vCenter, and hosts. An interesting chapter, important to know how to restrict and protect vCenter assets.

We won’t be able to cover everything in a single post – make sure to read the PDF documentation to know everything inside out for the exam. The VMware Exam blueprint has 41 chapters (Objectives). VCP-DCV 2019 certification is the latest certification based on vSphere 6.7.

In case you don't know, VMware changed the rules of re-certification recently. Our Post: VMware Certification Changes in 2019 has the details. No mandatory recertification after 2 years. Older certification holders (up to VCP5) can pass the new exam without a mandatory course, only recommended courses are listed).

The VCP-DCV 2019 certification will be based on 2V0-21.19 exam number and it will have 70 questions with a duration of 115 minutes. The passing score is 300. Nothing really new for those who are not new to VMware certification process.

To become VCP-DCV 2019 certified you have 3 different choices of exam:

  1. Professional vSphere 6.7 Exam 2019
  2. VMware Certified Professional 6.5 – Data Center Virtualization exam (our VCP6.5-DCV Study Guide Page which is complete)
  3. VMware Certified Professional 6.5 – Data Center Virtualization Delta exam

Note: You must be VCP5, or VCP6. If, not, you must “sit” a class and you have no “Delta” exam option.

The current exam blueprint: (Original PDF Online at VMware is here 2V0-21.19).

The certification’s name is “The VCP-DCV 2019 certification“. It is a new certification for 2019 focusing on installation, configuration, and management of VMware vSphere 6.7.

This guide is available as Free PDF!

Free Download at Nakivo – VCP6.7-DCV Study Guide.

VCP-DCV 2019 Study Guide

VCP-DCV 2019 Study Guide

VCP6.7-DCV Objective 7.12 – Setup permissions on datastores, clusters, vCenter, and hosts

Each object in the vCenter Server object hierarchy has associated permissions. Each permission specifies for one group or user which privileges that group or user has on the object.

Privileges are fine-grained access controls. You can group those privileges into roles, which you can then map to users or groups.

The permission model for vCenter Server systems basically allows you to assign permissions to objects in the object hierarchy. Each permission gives one user or group a set of privileges, that is, a role for a selected object. For example, you can select a virtual machine and select Add Permission to assign a role to a group of users in a domain that you select. That role gives those users the corresponding privileges on the VM.

 

vSphere Inventory Hierarchy

After assigning permission to an object, on the same page you can check the box to propagate permissions down the object hierarchy. You have to set the propagation for each permission. (or not).

Permissions defined for a child object always override the permissions that are propagated from parent objects.

Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore inherits permissions from either its parent datastore folder or parent data center. Virtual machines inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool simultaneously.

Differences between permissions, privileges, users and groups and roles.

  • Permissions – each object in the vCenter hierarchy has associated permissions. Each permission
  • Privileges – access controls to the resource. You group privileges into roles, which are mapped to users or groups.
  • Users and groups – pretty obvious. Only users authenticated through Single Sign-ON (SSO) can be given some privileges. Users must be defined within the SSO or users from external identity sources such as Microsoft AD.
  • Roles – what is a role? A role allows you to assign permission to an object. Administrator, Resource Pool administrator, etc are predefined roles. You can clone them or change them (except Administrator).

When you assign permission to an object, you can choose whether the permission propagates down the object hierarchy. You set propagation for each permission. Propagation is not universally applied. Permissions defined for a child object always override the permissions that are propagated from parent objects.

Datastore Privileges

Datastore privileges control the ability to browse, manage, and allocate space on datastores. You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Folder Privileges

Folder privileges control the ability to create and manage folders. You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Add Permission to an Inventory Object

After you create users and groups and define roles, you must assign the users and groups and their roles to the relevant inventory objects. You can assign the same permissions to multiple objects simultaneously by moving the objects into a folder and setting the permissions on the folder.

Browse to the object for which you want to assign permissions in the vSphere Client object navigator. Click the Permissions tab > Click the Add Permission icon > Select the user or group that will have the privileges defined by the selected role.

From the User drop-down menu, select the domain for the user or group. Type a name in the Search box. The system searches user names and group names > Select the user or group > Select a role from the Role drop-down menu.

(Optional) To propagate the permissions, select the Propagate to children check box. The role is applied to the selected object and propagates to the child objects. Click OK to add the permission.

So here is an example of the whole process. For example, you want to assign a role to a datastore object.

First go to vSphere Client > Administration > Roles > Create a role > chose from the categories of privileges you want to create a role.

Then select the object where you want to assign permissions by selecting the role.

Chose the domain at the first drop-down menu.  Start typing a name of group (in my case I have created a group called datastore admin in my Microsoft active directory (AD) first, and then added some users to this group). It populates automatically.

And then pick the role via the drop-down menu.

Check also Required Privileges for Common Tasks

More to read in VMware vSphere 6.7 documentation

Don’t forget to check our VCP6.7-DCV Study Guide Page for all chapters for the exam.

More posts from ESX Virtualization:

  • How to Patch vCenter Server Appliance (VCSA) – [Guide]
  • VCP6.7-DCV Objective 4.2 – Create and configure vSphere objects
  • VCP6.5-DCV Objective 1 – Configure and Administer Role-based Access Control
  • What is The Difference between VMware vSphere, ESXi and vCenter
  • How to Configure VMware High Availability (HA) Cluster
  • Upgrading VCSA 6.5 to 6.7
  • What is VMware Platform Service Controller (PSC)?
  • VMware Certification Changes in 2019

Stay tuned through RSS, and social media channels (Twitter, FB, YouTube)

Shares
Vote !

| Filed Under: Server Virtualization Tagged With: Setup permissions on datastores, VCP-DCV 2019

About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is as an Independent consultant, professional blogger, vExpert x16, Veeam Vanguard x9, VCAP-DCA/DCD, ESX Virtualization site has started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.

Private Sponsors

Featured

  • Thinking about HCI? G2, an independent tech solutions peer review platform, has published its Winter 2023 Reports on Hyperconverged Infrastructure (HCI) Solutions.
  • Zerto: One Platform for Disaster Recovery, Backup & Cloud Mobility: Try FREE Hands-On Labs Today!
Click to Become a Sponsor

Most Recent

  • Nakivo Backup and Replication v11.1 BETA adds more Proxmox friendly features
  • Vulnerability in your VMs – VMware Tools Update
  • FREE version of StarWind VSAN vs Trial of Full version
  • Commvault’s Innovations at RSA Conference 2025 San Francisco
  • VMware ESXi FREE is FREE again!
  • Installation of StarWind VSAN Plugin for vSphere
  • Protect Mixed environments with Nakivo Physical Machine recovery (bare metal)
  • No more FREE licenses of VMware vSphere for vExperts – What’s your options?
  • Tails – Your Private OS on USB Stick
  • StarWind V2V Converter Now has CLI

Get new posts by email:

 

 

 

 

Support us on Ko-Fi

 

 

Buy Me a Coffee at ko-fi.com

Sponsors

Free Trials

  • DC Scope for VMware vSphere – optimization, capacity planning, and cost management. Download FREE Trial Here.
  • Augmented Inline Deduplication, Altaro VM Backup v9 For #VMware and #Hyper-V – Grab your copy now download TRIAL.

VMware Engineer Jobs

VMware Engineer Jobs

YouTube

…

Find us on Facebook

ESX Virtualization

…

Copyright © 2025 ·Dynamik-Gen · Genesis Framework · Log in