I want to make a user on vSphere Client for ESX 4, but when I do so, I can only assign either no access, read-only access or admin as the roles, where admin has full access to change everything. I am trying to limit what this user can do to only his virtual machines, as opposed to other team members' VMs and the host config stuff.
How could I achieve this level of security?
Presumably this is on a standalone server, not via vCenter, right? I'm a VC kind of guy so I know that better, but you just duplicate a similar role in the roles section, rename it and modify it as needed, then assign it to a user/group. You can't modify the default roles, basically.
I've not got a standalone server to hand (it's late here) but I'll create one in a VM tomorrow to check, OK?
Setting the permissions to "read only" at the host level will prevent the user from being able to change any of the host config (you can choose to propagate through the guests or not).
From there you can set the permissions per guest. "No access" stops the guest being viewed from their vSphere client at all, read only will allow them to view the guest and settings (including events) but not change them or view the console... and admin obviously gives them full control over the guest.
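The approach described in the answers above, scripted with VMware PowerCLI as an added example that is not part of the original posts: a custom role with a small set of VM privileges, read-only on the host, and the custom role assigned only on the user's own guests. The host name, user name, role name, VM names and the choice of privileges are hypothetical placeholders, and it assumes PowerCLI can connect to the host.

```powershell
# Added example. Host, user, role and VM names below are hypothetical placeholders.
$esxHost  = 'esx01.example.local'
$user     = 'alice'                       # existing local user on the host (assumed)
$roleName = 'VM-Owner-Limited'
$ownVMs   = 'alice-dev01', 'alice-test01'

Connect-VIServer -Server $esxHost -Credential (Get-Credential) | Out-Null

# The default roles cannot be modified, so build a separate role that holds
# only the guest-level privileges this user needs (adjust the list as required).
$privIds = @(
    'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Interact.PowerOff',
    'VirtualMachine.Interact.Reset',
    'VirtualMachine.Interact.ConsoleInteract'
)
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege (Get-VIPrivilege -Id $privIds)
}

# Read-only at the host level: the user can see the host but not change its
# configuration. Propagation is off, so guests only get what is assigned
# to them explicitly below.
New-VIPermission -Entity (Get-VMHost) -Principal $user `
    -Role (Get-VIRole -Name 'ReadOnly') -Propagate:$false | Out-Null

# Custom role on the user's own guests only.
foreach ($vm in Get-VM -Name $ownVMs) {
    New-VIPermission -Entity $vm -Principal $user -Role $role -Propagate:$false | Out-Null
}

# Review the result: every entity the user holds a permission on, and the role.
Get-VIPermission -Principal $user | Format-Table Entity, Role, Propagate -AutoSize

Disconnect-VIServer -Server $esxHost -Confirm:$false
```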