WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud
  • Tanzu
    • Application Modernization
    • Tanzu services
    • Tanzu Community Edition
    • Tanzu Kubernetes Grid
    • vSphere with Tanzu
  • Home Lab
  • Nested Virtualization
  • Apple
You are here: Home / vSphere / Quick Tip - How to disable viewing of vSphere Tags?

Quick Tip - How to disable viewing of vSphere Tags?

01.26.2022 by William Lam // 3 Comments

I just answered an interesting inquiry that came from our field on how to prevent users in vCenter Server from viewing vSphere Tags? The use case here is that the data contained in the vSphere Tags may not be something administrators want general users to be able to see, especially if they contain sensitive information, which hopefully folks are not using to store things like credentials or secrets.

If you navigate to the vSphere Roles, you will see a number of vSphere Tagging privileges, but there is nothing that covers the ability to remove read only access.


One very important thing to understand about the authorization of vSphere Tags is that it is NOT controlled by standard vSphere Permissions that you would assign in the vSphere Inventory but that it is controlled via vSphere Global Permissions, which are outside of the vSphere Inventory, which also includes vSphere Content Library and other vCenter Servers.

If you wish to disable the ability to view vSphere Tags for a VM while still maintaining basic read only view for VM, you need to ensure there is not a read only role assignment for your user under Global Permissions. You can check by navigating to vSphere UI under Administrator->Global Permissions. If the user that you are logging in with does not have a Read Only Global Permission, they will not see any of the vSphere Tagging information nor vSphere Content Library, which is another side affect.

More from my site

  • Enhanced vCenter Server Audit Event & Logging in vSphere 6.7 Update 2
  • Monitoring vSphere account password & permission changesĀ 
  • Using PowerCLI and vSphere Tags to create/migrate HCX Mobility Groups to VMware Cloud SDDC
  • vSphere Tag Attach/Detach events now in VMware Cloud on AWS
  • Automating vSphere Global Permissions with PowerCLI

Categories // vSphere Tags // global permission, tag

Comments

  1. BUSCH CHRIS says

    01/26/2022 at 11:04 am

    Hi Wlliam,
    Is there an easy way to backup or redeploy an esxi instance incl. custom VIbs like nvidia?
    I dont want to manually install all those vibs when Im setting up a new esxi server.

    Reply
    • Joe Cooper says

      01/26/2022 at 11:15 am

      Try the new Lifecycle Manager in vCenter Server v7. It allows you to create a custom image for your cluster. When you add new hosts to your cluster the image (including your vibs) is deployed to the new host.

      Reply
    • William Lam says

      01/26/2022 at 12:06 pm

      Please keep comments/questions related to the actual topic of the blog post. If you have other topic/questions, please post them on the VMware Community Network https://communities.vmware.com/

      Reply

Thanks for the comment! Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)

Connect

  • Email
  • GitHub
  • LinkedIn
  • RSS
  • Twitter
  • Vimeo

Recent

  • How to bootstrap ESXi compute only node and connect to vSAN HCI Mesh? 01/31/2023
  • Quick Tip - Easily move or copy VMs between two Free ESXi hosts? 01/30/2023
  • vSphere with Tanzu using Intel Arc GPU 01/26/2023
  • Quick Tip - Automating allowed and not allowed Datastores for use with vSphere Cluster Services (vCLS) 01/25/2023
  • ESXi with Intel Arc 750 / 770 GPU 01/24/2023

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2023

 

Loading Comments...