An administrator wants to provide users restricted access. The users should only be able to perform the following tasks:
✑ Create and consolidate virtual machine snapshots
✑ Add/Remove virtual disks
✑ Snapshot Management
Which default role in vCenter Server would meet the administrator's requirements for the users?
Virtual Machine Power User is a sample role that grants a user access rights only to virtual machines; can alter the virtual hardware or create snapshots of the
Which two roles can be modified? (Choose two.)
It is a common knowledge that you cannot modify Administrator role and grant whatever privileges you like. Same is the case with read-only. This role is created solely for ready only purposes. So you are left with two viable options Network administrator and Datastore consumer both of which can be modified to add or delete privileges according to your specifications.
An administrator with global administrator privileges creates a custom role but fails to assign any privileges to it.
Which two privileges would the custom role have? (Choose two.)
When you add a custom role and do not assign any privileges to it, the role is created as a Read Only role with three system-defined privileges:
System.Anonymous, System.View, and System.Read.
An administrator wishes to give a user the ability to manage snapshots for virtual machines.
Which privilege does the administrator need to assign to the user?
Datastore.Allocate space allows allocating space on a datastore for a virtual machine, snapshot, clone, or virtual disk.
An object has inherited permissions from two parent objects.
What is true about the permissions on the object?
Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore inherits permissions from either its parent datastore folder or parent datacenter. Virtual machines inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool simultaneously. To restrict a users privileges on a virtual machine, you must set permissions on both the parent folder and the parent host, cluster, or resource pool for that virtual machine.
Reference: http://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/ managing_users_groups_roles_and_permissions/c_hierarchical_inheritance_of_permissions.html