Term
| T/F: Local user accounts created on an ESXi host are synchronized with Windows and Active Directory Accounts that vCenter Server uses and vice versa. |
|
Definition
| False. Even when connecting to each through vSphere client. |
|
|
Term
| Describe the 'No Access' Role |
|
Definition
- Cannot view or change the assigned object
- vSphere Client tabs associated with an object appear without content
- Can be used ot revoke permisions that would otherwise be propogated to an object from a parent object
- Available in ESX/ESXi and vCenter Server
|
|
|
Term
| Describe the 'Read Only' role |
|
Definition
- View the state and details of the object
- View all the tab panels in the vSphere Client except the Console tab. Cannot perform any actions through the menus and toolbars
- Available on ESX/ESXi and vCenter Server
|
|
|
Term
| Describe the 'Administrator' role |
|
Definition
All privileges for all objects.
Add, remove, and set access rights and privileges fro all the vCenter Server users and all the virtual objects in the vSphere environment
Available in ESX/ESXi and vCenter Server |
|
|
Term
| Describe the 'Virtual Machine Power User' role |
|
Definition
A set of privileges to allow the user to interact with and make hardware changes to virtual machines, as well as perform snapshot operations.
Privileges granted include:
- All privileges for the scheduled task privileges group
- Selected privileges for global items, datastore, and virtual machine privileges groups
- No privileges for folder, datacenter, network, host, resource, alarms, sessions, performance and permissions privileges groups
Usually granted on a folder that contains virtual machines or on individual virtual machines.
Available on vCenter Server only |
|
|
Term
| Describe the 'Virtual Machine User' role |
|
Definition
A set of privileges to allow the user to interact with a virtual machine's console, insert media, and perform power operations. Does not grant privileges to make virtual hardware changes to the virtual machine.
Privileges granted include:
- All privileges for the scheduled task privileges group
- Selected privileges for global items, datastore, and virtual machine privileges groups
- No privileges for folder, datacenter, network, host, resource, alarms, sessions, performance and permissions privileges groups
Usually granted on a folder that contains virtual machines or on individual virtual machines.
Available on vCenter Server only |
|
|
Term
| Describe the 'Resource Pool Administrator' role |
|
Definition
A set of privileges to allow the user to create child resource pools and modify the configuration of the children, but not to modify the resource configuration of the pool or cluster on which the role was granted. Also allows the user to grant permissions to child resource pools, and assign virtual machines to the parent or child resource pools.
Privileges granted include:
- All privileges for folder, VM, alarms, and scheduled task privileges groups
- Selected privileges for resource and permissions privileges groups
- No privileges for datacenter, network, host, sessions, or performance privileges groups
Additional privileges must be granted on virtual machines and datastores to allow provisioning of new virtual machines
Usually granted on a cluster or resource pool
Available on vCenter server only |
|
|
Term
| Describe the 'VMware Consolidated Backup User' role |
|
Definition
Used by the VMware Consolidated Backup product. Do not modify.
Available on vCenter Server |
|
|
Term
| Describe the 'Datastore Consumer' role |
|
Definition
A set of privileges to allow the user to consume space on the datastores on which the role is granted. To perform a space-consuming operation, such as creating a virtual disk or taking a snapshot, the user must also have the appropriate virtual machine privileges granted for these operations.
Usually granted on a datastore or a folder of datastores.
This role is available on vCenter Server only. |
|
|
Term
| Describe the 'Network Consumer' role |
|
Definition
A set of privileges to allow the user to assign virtual machines or hosts to networks, if the appropriate permissions for the assignment are also granted on the virtual machines or hosts.
Usually granted on a network or folder of networks.
Available on vCenter Server |
|
|
Term
Which of the following roles are 'System' roles?
Choose 3: Virtual Machine User, Administrator, Datastore Consumer, No Access, Network Consumer, Virtual Machine Power User, Read Only, Resource Pool Administrator, VMware Consolidated Backup User |
|
Definition
1. No Access
2. Read Only
3. Administrator |
|
|
Term
Which of the following is a 'Sample' role that should not be modified?
Which of the following roles are 'System' roles?
Choose 1: Virtual Machine User, Administrator, Datastore Consumer, No Access, Network Consumer, Virtual Machine Power User, Read Only, Resource Pool Administrator, VMware Consolidated Backup User |
|
Definition
| VMware Consolidated Backup User |
|
|
Term
| What happens to permissions applied at the same level |
|
Definition
| They are summed to include both sets of permissions |
|
|
Term
| In the situation where there is an inherited permission on an object and also a permission applied directly to the object, which takes precedence? |
|
Definition
| The manually applied permissions over-ride inherited permissions |
|
|
Term
| In the situation where permissions applied directly to a user conflict with group permissions, which takes precedence? |
|
Definition
| The directly applied permissions would over-ride both group and inherited permissions |
|
|
