Security Rights on Fabric
Currently there is no possibility to restrict access on the Fabric. For example, if I want to give an administrator only the rights to view/start/restart/shutdown/open console on VMs, there is no way to do this. It would be nice if more roles for fabric could be created, like Virtual Machine Deployment User, Virtual Machine Power User, etc., roles that can be customized.
Jesse Cornelson III commented
I agree the granularity of SCVMM leaves a little to be desired. What I would like to see could be accomplished in a multitude of ways, and I will try to explain. I should say I manage a VMM instance of over 650 hosts and 6500 guests. Perhaps someone with a much smaller environment may not feel the same way.
First, Host Groups for my organization work well, and I would like to see RBAC applied directly to the Host Groups without the need for Clouds. I am not against clouds, but personally they don't work for me.
I have a couple of issues with clouds. First, they are not durable, in that if you remove a cluster/host from VMM, any notes, custom attributes, and cloud membership are lost for all guests. In a large environment we find ourselves removing and re-adding clusters to VMM for various reasons pretty frequently. It would make sense to me if VMM stored its guest configuration inside of the native Hyper-V attributes to add durability.
The other frustration with clouds is how cumbersome it is to add guests to clouds. You have to select each guest and, through several mouse motions, add the guest to the cloud and grant access. I would like to see query-based clouds. For instance, based on the OS of the guest you may have a "Desktop", "Linux" or "Server" cloud. Query-based cloud membership would work with IP addresses of the guests, host names, several different methods. I keep thinking of query-based distribution lists.
Also, when you create a cloud you are able to scope it to certain host groups, but there should be a check mark that says apply to all guests within the host group. This would in a roundabout way address my desire to apply RBAC to host groups rather than clouds. The way it is now, you scope the cloud to a host group but have to manually add each guest. I have thousands of guests... not fun.