The three-level authorization model of the vCenter Server Appliance maps to local roles and to vCenter Single Sign-On groups, depending on how the user authenticated. This model allows consistent security control regardless of operational context.

The authorization levels map to group and role.

Authorization Mapping

Authorization Level

vCenter Single Sign-On Group

Appliance Local Role

operator

SystemConfiguration.Administrators

operator

administrator

SystemConfiguration.Administrators

admin

superAdministrator

SystemConfiguration.BashShellAdministrators

superAdmin

When a super administrator adds user accounts, the options available include a choice of the role to assign to the new user.