The VMware vCenter comes with several privileges grouped in Roles by default. The privileges and Roles allow the administrator to configure a granular security policy defining individual user rights.
On the vCenter there are three system roles as follows:
- No Access
The system roles are permanent. there is no way to modify them. The No Access and Read-Only roles are very useful for restricting user access quickly.
The six default role samples are as follows:
- Virtual Machine Power User
- Virtual Machine User
- Resource Pool Administrator
- VMware Consolidated Backup User
- Datastore Consumer
- Network Administrator
While it is possible use the default sample roles as they are, it’s also possible to use them as a starting point to create custom roles. It’s considered a best pratice not to modify the default roles because they can be useful for future reference.