HOW-TO: Manage Users in VMware Using esxcli

VMware Logo

ESXCLI Commands

Starting with vSphere 6.0, a set of ESXCLI commands allows you to perform the following operations.

• Give permissions to local users and groups by assigning them one of the predefined roles.
• Give permissions to Active Directory users and groups if your ESXi host has been joined to an Active Directory domain by assigning them one of the predefined roles.

Important When you manage local users on your ESXi host, you are not affecting the vCenter Server users.

1 List permissions.

esxcli system permission list

The system displays permission information. The second column indicates whether the information is for a user or group.

[kenforeman@baari:~] esxcli system permission list
Principal   Is Group  Role   Role Description
----------  --------  -----  ----------------
dcui           false  Admin  Full access rights
kenforeman     false  Admin  Full access rights
root           false  Admin  Full access rights
vpxuser        false  Admin  Full access rights

2 Set permissions for a user or group.

Specify the ID of the user or group, and set the --group option to true to indicate a group. Specify one of three roles, Admin, ReadOnly or NoAccess.

esxcli system permission set --id kenforeman -r Admin

3 Remove permissions for a user or group.

esxcli system permission unset --id kenforeman

Account Management

You can manage accounts by using the following commands.

esxcli system account add
esxcli system account set
esxcli system account list
esxcli system account remove

[root@baari:~] esxcli system account list
User ID     Description
----------  -----------
root        Administrator
dcui        DCUI User
vpxuser     VMware VirtualCenter administration account
kenforeman  Ken Foreman