Authentication and Authorization

VMware vSphere implements mechanisms to ensure that only valid users can access virtual infrastructure components.Each property and method in the API has an associated privilege requirement, and only uses with corresponding privileges can access the entities. This chapter discusses approaches to securing the system and the related service interfaces. The chapter also discusses the user model, which is different in ESXi systems and vCenter Server systems.

The chapter includes the following topics:

■	Objects for Authentication and Authorization Management

■	Authentication and Authorization for ESXi and vCenter Server

■	Setting Up Users, Groups, and Permissions

■	Obtaining User and Group Information from UserDirectory

■	Managing ESXi Users with HostLocalAccountManager

■	Managing Roles and Permissions with AuthorizationManager

■	Authenticating Users Through SessionManager

■	Using the Credential Store for Automated Login

■	Managing Licenses with LicenseManager

See the vSphere Datacenter Administration Guide for a list of required privileges for common tasks and best practices for roles and permissions. See Privileges Reference for lists of privileges required to invoke operations and to read properties, and privileges defined for the administrator role.