Create/clone/edit vCenter Server Roles

In VMware vCenter, there are different types of roles, as follows:

• Default roles: These are predefined on vCenter Server, and cannot be modified or deleted. 
• Sample roles: These are also predefined, and are used to manage certain types of tasks. They can be cloned, modified, or removed.
• Custom roles: These can be defined by the administrators, and are created from scratch or cloned from existing roles.

The following table summarizes the predefined roles:

    
          
Type           Role
        
          
System role
                   
          

• Administrator role
• No cryptography administrator role
• No access role
• Read-only role

        
          
Sample role
                   
          

• VM power user role
• VM user role
• Resource pool administrator role
• VMware consolidated backup user role
• Data store consumer role
• Tagging admin role
• Network administrator role
• Content library administrator role

Usually, role names are quite descriptive about what kinds of tasks will be permitted, but you can edit them to see the complete list of privileges.

You can manage the vCenter roles using the vSphere Web Client by selecting the Roles menu and navigating to Home | Administration | Access Control:

The selected toolbar will allow you to create, clone, modify, or delete a role.

To create a new role from scratch, just click on the Create role action icon, type a name for the new role, and then select the right privileges for the role.

To clone an existing role into a new role, just select the desired source role and click on the Clone role action icon, then type a name for the new role. At that point, you can modify it with the Edit action icon.

For more information, you can refer to the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-18071E9A-EED1-4968-8D51-E0B4F526FDA3.html).