How to – create a local user/assign permissions on an ESXi host

Sometimes (but hopefully not very often…) you have to create a local user on your ESXi host. This how-to will show you the necessary steps using the vSphere Client as well as PowerCLI.

Part 1: Using your vSphere Client:

Step 1 – create a local user on your ESXi host:

You cannot perform these tasks with your vCenter, as there is no possibility to create local users on your ESXi hosts. Use the vSphere Client to connect directly to the ESXi host and open the “Local Users & Groups” tab:

local_user_host1

  • right-click into the “Local Users & Groups” window and select “Add…”
  • enter a login name and a password (user Name and UID will be generated automatically, if you leave the fields blank):

local_user_host2

Step 2 – create a role and assign permissions:

  • change to “Home” and open “Roles” to create a new role with dedicated permissions:

roles1

  • right-click to select “Add…”
  • define a name for the new role and select the necessary permissions:

roles2

Step 3 – assign the new role to the user:

  • In this last step you have to assign the new role to the created user.
  • change back to the “Inventory” and open the “Permissions” tab.
  • right-click and select “Add Permission…”
  • at the left part of the wizzard choose “Add…” to add the created user. At the right part select the new created role:

roles3

 

Part 2: Create a new user/role using PowerCLI:

This is not a complete “ready to use” script – it should only give you a basic idea/overview, which commands you can use to perform the necessary steps

Connect-VIServer -Protocol https -Server <FQDN_or_IP_of_VMhost> -User root -Password “your_password”

New-VMHostAccount -Id <account_name> -Password “your_new_password” -Description <description_of_the_user>

New-VIRole -Name <your_role_name> -Privilege “eg: Settings”

New-VIPermission -Entity <FQDN_or_IP_of_VMhost> -Principal <account_name> -Role “<your_role_name>” -Propagate:$true

  1. command: will connect you to your ESXi host
  2. command: will add a new local user
  3. command: will add a new role with dedicated permissions. In the example above the permission “Global” – “Settings”
  4. command: will assign the new role to the new user

For more information about VMware PowerCLI and its components take a look at the “VMware PowerCLI Overview” or visit the VMware vSphere PowerCLI Community.

Leave a Comment

Your e-mail address will not be published. Required fields are marked *