A user is an individual authorized to log in to an ESXi or vCenter Server system. vSphere does not explicitly restrict users with the same authentication credentials from accessing and taking action within the vSphere environment simultaneously.

You can manage users defined on the vCenter Server system and users defined on individual hosts separately.

■ Manage users defined on ESXi with the vSphere Web Services SDK or vicfg-user.
■ Manage vCenter Server users with the vSphere Web Client or the vSphere Web Services SDK.

Important: You cannot use the vicfg-user command to modify users created with the vSphere Client in vSphere 6.0 or earlier.
Even if the user lists of a host and a vCenter Server system appear to have common users, for example, a user called devuser, these users are separate users with the same name. The attributes of devuser in vCenter Server, including permissions, passwords, and so forth, are separate from the attributes of devuser on the ESXi host. If you log in to vCenter Server as devuser, you might have permission to view and delete files from a datastore. If you log in to an ESXi host as devuser, you might not have these permissions.

Users authorized to work directly on an ESXi host are added to the internal user list when ESXi is installed or can be added by a system administrator after installation. You can use vicfg-user to add users, remove users, change passwords, and configure permissions.

Caution: See the Authentication and User Management chapter of vSphere Security for information about root users before you make any changes to the default users. Mistakes regarding root users can have serious access consequences.

Each ESXi host has several default users.

■ The root user has full administrative privileges. Root users can control all aspects of the host that they are logged on to. Root users can manipulate permissions, create users on ESXi hosts, work with events, and so on.
■ The vpxuser user is a vCenter Server entity with root rights on the ESXi host, allowing it to manage activities for that host. The system creates vpxuser when an ESXi host is attached to vCenter Server. vpxuser is not present on the ESXi host unless the host is being managed through vCenter Server.
■ Other users might be defined by the system, depending on the networking setup and other factors.

Example: Create, Modify, and Delete Users

The following example scenario illustrates some of the tasks that you can perform. Specify one of the options listed in Connection Options for vCLI Host Management Commands in place of <conn_options>.

1. List the existing users.
   vicfg-user <conn_options> -e user -o list
   The list displays all users that are predefined by the system and all users that were added later.
   Important: The command lists a maximum of 100 users.
2. Add a new user, specifying a login ID and password.
   vicfg-user <conn_options> -e user -o add -l user27 -p 27_password
   The command creates the user. By default, the command autogenerates a UID for the user.
3. List the users again to verify that the new user was added and a UID was generated.
   vicfg-user <conn_options> -e user -o list
   USERS
   -------------------
   Principal -: root
   Full Name -: root
   UID -: 0
   Shell Access -> 1
   -------------------
   ...
   --------------------
   Principal -: user27
   Full Name -:
   UID -: 501
   Shell Access -> 0
4. Modify the password for user user27.
   vicfg-user <conn_options> -e user -o modify -l user27 -p 27_password2
   The system might return
   Updated user user27 successfully.
5. Assign read-only privileges to the user, who currently has no access.
   vicfg-user <conn_options> -e user -o modify -l user27 --role read-only
   The system prompts whether you want to change the password, which might be advisable if the user does not currently have a password. Answer y or n. The system then updates the user.
   Updated user user27 successfully.
   Assigned the role read-only
6. Remove the user with login ID user27.
   vicfg-user <conn_options> -e user -o delete -l user27
   The system removes the user and prints a message.
   Removed the user user27 successfully.
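
An added example, not part of the VMware documentation: the function below reads the listing format shown in step 3 and flags principals missing from an allowlist, non-root accounts with shell access, and a listing that reached the 100-user maximum. The function names, the allowlist arguments, and the svc_backup entry in the sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the output of `vicfg-user <conn_options> -e user -o list`.
# Usage: vicfg-user <conn_options> -e user -o list | audit_users root vpxuser
# The arguments are the principals you expect on the host (assumed allowlist).
audit_users() {
    awk -v allow="$*" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) expected[a[i]] = 1
    }
    # Field labels follow the listing format shown in step 3.
    /^Principal -:/ { name = $3; count++ }
    /^UID -:/       { uid[name] = $3 }
    /^Shell Access ->/ {
        if (!(name in expected))
            printf "UNEXPECTED %s uid=%s shell=%s\n", name, uid[name], $4
        else if ($4 == 1 && name != "root")
            printf "SHELL %s uid=%s\n", name, uid[name]
    }
    END {
        # At most 100 users are listed, so a full listing may hide accounts.
        if (count >= 100) print "TRUNCATED listing reached 100 users"
    }'
}

# Constructed sample listing: root and user27 come from the page,
# svc_backup is a hypothetical account added for the demonstration.
sample_listing() {
    cat <<'EOF'
USERS
-------------------
Principal -: root
Full Name -: root
UID -: 0
Shell Access -> 1
-------------------
Principal -: user27
Full Name -:
UID -: 501
Shell Access -> 0
-------------------
Principal -: svc_backup
Full Name -: backup job
UID -: 502
Shell Access -> 1
EOF
}

sample_listing | audit_users root svc_backup
```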