HOW-TO: Manage Users in VMware Using esxcli
Contents
ESXCLI Commands
Starting with vSphere 6.0, a set of ESXCLI commands allows you to perform the following operations.
- Give permissions to local users and groups by assigning them one of the predefined roles.
- Give permissions to Active Directory users and groups if your ESXi host has been joined to an Active Directory domain by assigning them one of the predefined roles.
Important When you manage local users on your ESXi host, you are not affecting the vCenter Server users.
1 List permissions.
esxcli system permission list
The system displays permission information. The second column indicates whether the information is for a user or group.
[kenforeman@baari:~] esxcli system permission list
Principal Is Group Role Role Description
---------- -------- ----- ----------------
dcui false Admin Full access rights
kenforeman false Admin Full access rights
root false Admin Full access rights
vpxuser false Admin Full access rights
2 Set permissions for a user or group.
Specify the ID of the user or group, and set the --group option to true to indicate a group. Specify one of three roles, Admin, ReadOnly or NoAccess.
esxcli system permission set --id kenforeman -r Admin
3 Remove permissions for a user or group.
esxcli system permission unset --id kenforeman
Account Management
You can manage accounts by using the following commands.
esxcli system account add
esxcli system account set
esxcli system account list
esxcli system account remove
[root@baari:~] esxcli system account list
User ID Description
---------- -----------
root Administrator
dcui DCUI User
vpxuser VMware VirtualCenter administration account
kenforeman Ken Foreman