vCenter Server and ESXi systems authenticate a user with a combination of user name, password, and permissions. Servers and hosts maintain lists of authorized users and the permissions assigned to each user.
Privileges define basic individual rights that are required to perform actions and retrieve information. ESXi and vCenter Server use sets of privileges, or roles, to control which users can access particular vSphere objects. ESXi and vCenter Server provide a set of pre-established roles.
The privileges and roles assigned on an ESXi host are separate from the privileges and roles assigned on a vCenter Server system. When you manage a host by using vCenter Server system, only the privileges and roles assigned through the vCenter Server system are available. If you connect directly to the host by using the vSphere Client, only the privileges and roles assigned directly on the host are available. You cannot create ESXi users with the vSphere Web Client.