Lab 15 Part 2 - User Permissions (Continued)
Video Activity
Lab 15 part 2. User Permissions (Continued) This lesson continues to discuss user privileges in the vSphere environment. Participants will learn step by step instructions in this lab-based class on how to do the following: Verify that the permissions work as expected
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Description
Lab 15 part 2. User Permissions (Continued) This lesson continues to discuss user privileges in the vSphere environment. Participants will learn step by step instructions in this lab-based class on how to do the following:
- Verify that the permissions work as expected
Video Transcription
00:04
All right. So the next task would be to see if the student account allows me to create the VM.
00:10
So we will go ahead and launch the vic client
00:13
and our log in as
00:17
being weird. Local actually. Should just be able to type in Vienna. Where? Student.
00:34
Okay,
00:38
now you'll notice.
00:40
Remember, this is a very
00:43
limited account. It can only do things like create VM.
00:46
So because I put this on the 0.200 host, if I right click, I got 100. Host.
00:52
Uh,
00:53
new virtual machine is not even available as a choice.
00:56
So this proves that the permissions are working.
00:59
I go to my 0.200 host. I can right click select new virtual machine.
01:04
Well, go ahead and pick a custom machine.
01:11
I'll just call this
01:12
student VM,
01:15
and you'll notice that I have a message here. I don't have the privilege is to create
01:21
a new V m on this particular data center.
01:25
I don't have the privileges for that folder or that folder
01:29
or that folder where that folder
01:30
Lavey EMS, is the only one where this privilege applies.
01:34
So that's the one I must select in order to
01:38
allow me to click the next button.
01:41
It's no, I will.
01:42
I can choose one day a store, the other.
01:46
I'll just go ahead and pick this default data store
01:49
and we get a message
01:51
says I do not have permissions to allocate space on day of store want.
01:55
Well, that's interesting, right? Because I
01:57
I
01:57
did select the allocate space
02:00
privilege.
02:01
However, I didn't do it for the data store itself.
02:06
So let's go back to our
02:08
Web client.
02:15
I can't do it from the vic because I'm not logged in on this
02:19
Web client. I'm log in as administrator, so I commit. Do this operation.
02:23
I'll go back.
02:25
Two.
02:27
My list of inventory items and I'll select
02:30
data stores.
02:34
And the one I'm looking for is data store one.
02:38
So underneath my permissions, or rather, the managed have been the permissions button.
02:43
I can see that I've got plenty of things to find here, but there's nothing here for
02:47
it's the VM Creator role or the student account.
02:52
So what do you need to? D'oh
02:53
is just as before,
02:59
I will select my VM where domain
03:01
the search was already set up for us to use a student is here. I can select, double click that
03:10
select. Okay. And then for the role,
03:14
we'll go back and pick the VM creator role.
03:20
Now, Vienna, where student with the VM create a role is available for this data store. So if I go back to mine
03:28
Vic Client,
03:29
I can try to create the VM again.
03:31
New virtual machine
03:34
custom.
03:36
I'll call it Student VM
03:38
will select a lab PM's folder.
03:43
I want a picked A store one.
03:46
So let me do it this times since that permission was just added.
03:50
And I can pick the virtual machine version
03:54
and the guest operating system will just leave those all at defaults.
04:06
What is it saying now? I don't have suitable of machine virtual machine networks.
04:13
So what we have to do now is make a change
04:16
again. I'll go back to my Web client.
04:18
I've left these
04:20
configuration options undone on purpose just to illustrate how
04:27
some fine tuning sometimes has to be done when you're creating,
04:30
arrange.
04:32
So we'll go back to the Web client.
04:41
In this case, I want to go to networking
04:45
and I've got a V M network,
04:47
uh,
04:48
defined here.
04:49
I'm on the manage tab with permissions. As you can see, student and VM Creator is not defined here. So let's go ahead and do that
05:00
Going to the VM. Where? Domain
05:01
finding my student account, I'll double click.
05:13
And then the role that will pick
05:15
is VM creator.
05:20
So that gets created for the actual network that's defined.
05:25
I'll switch back.
05:28
Hopefully the
05:30
changeable.
05:31
All right, I have to actually
05:34
cancel this
05:36
this wizard and start
05:40
the virtual machine creation again. Not a big deal. Picking mostly default settings anyways.
05:48
Student Veum
05:50
Latvians folder
05:54
Correct Data store
05:57
picking the right virtual machine Hardware version
06:00
Default for CP use.
06:04
Lowered the memory a little bit.
06:09
Still giving me trouble.
06:11
Let's troubleshoot this.
06:13
Okay, so I think I'm gonna do is try. And this with the Web clients sometimes.
06:16
Ah, certain things
06:19
are a little bit different between the two clients, as I was explaining earlier.
06:26
So already logged in as administrator. Open up a new tab
06:31
and we'll start up the Web client
06:34
this time. I'm going to log in as
06:39
student
06:46
the alarm. Ian,
06:50
that's interesting. Okay, so it remains that keeps the cookie from my authentication around for just a little while so
06:59
it did logmein as student, since I was just in this Web client as student.
07:05
Otherwise, we have to log out
07:10
and log back in a student.
07:12
But since I'm here, let's go ahead and get started. What we want to do
07:17
is go to the center.
07:20
We'll pick our hosts and clusters,
07:25
and I want
07:27
select hosts 200
07:30
and I can right click
07:32
and say, a new virtual machine again. If I right click on host 100
07:41
stick in a moment here,
07:48
you'll notice that the permissions
07:51
are don't exist for me to do anything here because that's
07:57
the student role is
07:59
only to find
08:01
are beside the student account of the VM Creator. Role is only to find on host 200
08:05
so we'll go back to 200
08:13
and I'll right click.
08:16
New Virtual machine is available,
08:20
so this wizard looks a little bit different in the Web client.
08:22
Like a lot more choices here I concur. A new virtual sheen. Use a template, make a clone so they've expanded some of the options
08:31
for most intensive purposes. Using the Web client is probably the way to go.
08:35
If you are running ah version 5.5 or higher or even 5.1 and higher
08:41
anyway. So, uh, we'll create new virtual machine will click next. I'll call it student VM,
08:48
and I have to find my lab. PM's folder.
08:52
One difference here. It does not gray out the next, but you do have the message of the bottom
08:58
that I don't have permissions, but the next button is still available.
09:01
Only the Latvians folder has this role defined, so we'll click next year.
09:07
I can see that compatibility checks for Post 200 are correct.
09:13
Click next.
09:13
Then I'll pick the proper data store.
09:20
Click. Next again,
09:22
I'll make sure I can select a compatibility
09:24
sold 255
09:28
And I'll just leave this set to a default for
09:33
Server 2008.
09:35
Of course, you know that you can
09:37
picks through quite a large list of Windows machines
09:41
or Windows operating systems rather or pick Lennox or or other. So we'll just stick with this.
09:48
Then I get a chance to modify all of my virtual hardware.
09:56
Someone changed this too
09:58
gigabytes, and we'll just say two gigabytes of RAM
10:03
and
10:05
the hard disk.
10:07
Let's call that
10:09
15
10:11
The dam stores not very large, so I want to make sure it fits.
10:13
I can pick the network. And if you remember,
10:16
we signed
10:18
the permission to use the V M network to connect to it.
10:22
So we've got that check box,
10:24
we click next,
10:26
we get our summary and we can click. Finish.
10:28
We'll watch our status here.
10:31
That task completed very quickly.
10:35
And now if I go back
10:37
to open up that Vienna's inventory, I can see that my student VM has been created
10:43
because of the permissions that were assigned
10:46
to the student role.
10:48
By right click.
10:50
I don't have very many options here. I can power the machine on
10:52
like a managed snapshots. But I can't, for instance, shut down the guest OS.
10:58
I can't
11:00
remove
11:01
the machine. I can't delete it.
11:03
So it's very,
11:05
uh,
11:07
limited. And that's by design. We want to be able to create roles that only allow the specific activities for that job function to be performed and nothing else.
11:18
So, yeah, we'll see here. I can't remove it from the inventory. I can't believe from disk.
11:22
None of those options are available to me.
11:30
Okay, so that concludes.
11:31
Lab number 15
11:35
and our next lab. We will be working with resource pools.
11:39
So we'll we'll create some CPU traffic,
11:41
create a couple of resource pools, and then verify that they work as expected.
11:48
So you're lab 16. Thank you.
Up Next
Similar Content
