I was wondering if there was a lightweight way that we could allow a service providers access to one of our VMs through the web page but without access to the rest of the admin interface?
That is, if the the server was located on https://10.0.0.1/ui
and the machine was https://10.0.0.1/ui/#/console/1
how could that access that machine alone, and stop them from trying to access /ui/
alone.
I have already created a new user, contractor
, and then created a new role with only VirtualMachine
access. This allows me to only see the one VM that I have assigned the privilege to - so far so good.
If I try accessing https://10.0.0.1/ui/#/console/1
directly then I am asked to log in. But if I access https://10.0.0.1/ui
I can see only the VM allowed - but with extra privileges like restart, shutdown, etc.
I've noticed that only allowing VirtualMachine
still auto enables System
. Removing it seems to not save so I assumed it is mandatory.
We are on ESXi v7.