Examice

Exam 2v0-2123 All QuestionsBrowse all questions from this exam

Question 55

An administrator is tasked with providing users access to objects within an existing VMware vCenter instance. The vCenter inventory has a single data center with one management vSphere cluster and five workload vSphere clusters.

The following requirements must be met for assigning the users access:

Users must only be able to view all of the inventory objects associated with the management vSphere cluster.

Users must be able to edit all of the inventory objects associated with the workload vSphere clusters.

The administrator creates a custom role to provide the permissions needed to allow users to edit inventory objects.

Which series of steps should the administrator complete to assign the custom role and provide the required level of access to users?

Apply Global permissions to assign the Read Only role to the root vCenter object.

Apply vCenter permissions to assign the custom role to the workload vSphere clusters and enable propagation.

Apply Global permissions to assign the Read Only role to the root vCenter object and enable propagation.

Apply vCenter permissions to assign the custom role to the workload vSphere clusters and enable propagation.

Apply Global permissions to assign the Read Only role to the root vCenter object.

Apply vCenter permissions to assign the custom role to the workload vSphere clusters.

Apply Global permissions to assign the Read Only role to the root vCenter object and enable propagation.

Apply vCenter permissions to assign the custom role to the workload vSphere clusters.

Correct Answer: B

To provide the required level of access to users, the administrator should apply Global permissions to assign the Read Only role to the root vCenter object and enable propagation. This ensures that users can view all objects within the vCenter inventory, including the management vSphere cluster. Then, the administrator should apply vCenter permissions to assign the custom role to the workload vSphere clusters and enable propagation. This ensures that users can edit all the inventory objects associated with the workload vSphere clusters. Propagation is necessary to ensure that these permissions apply not only to the top level of the clusters but to all objects within those clusters.

Discussion

DizzzyDOption: B

This was my answer, passed with 452

AchabOption: A

Why not A ? If you apply global permissions read permission on vcenter root object AND enable propagation, read permissions will propagate to ALL of the clusters. all of the inventory objects associated with the management vSphere cluster

mr00vaOption: B

"Users must be able to edit ALL OF THE INVENTORY OBJECTS associated with the workload vSphere clusters."

JesterVSOption: B

Propagation is needed

atinivelliOption: B

i'd say B

Ilmace86Option: B

I think I'll go for B. Without propagation on workload clusters, you'll get custom roles only at the root level where you apply permission

dredlineeOption: B

When you assign a permission to an object, you can choose whether the permission propagates down the object hierarchy. You set propagation for each permission. Propagation is not universally applied. Permissions defined for a child object always override the permissions that are propagated from parent objects.

dennis314159Option: B

Table 2-1. Differences Between vCenter Server Permissions and Global Permissions Permission Type Description vCenter Server vCenter Server permissions apply to specific objects in the inventory hierarchy, such as hosts, virtual machines, datastores, and so on. When you assign vCenter Server permissions, you specify that a user or group has a role (set of privileges) on the object. Global Global permissions give a user or group privileges to view or manage all objects in each of the inventory hierarchies in your deployment. Global permissions also apply to global objects such as tags and content libraries. See vCenter Server Permissions on Tag Objects. If you assign a global permission and do not select Propagate, the users or groups associated with this permission do not have access to the objects in the hierarchy. They only have access to some global functionality such as creating roles. Therefore, propagation at Global level is required. Answer B.

WOODENPCOption: D

tested: propagation at global permission is sufficient

[Removed]Option: D

Virtual Machine Edit Inventory Privileges You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. Read page 453 in https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-esxi-vcenter-801-security-guide.pdf

Bert_77Option: B

B is the correct answer, tested in lab envoronment. Propagation is required, if not you will only set the permissions on the level where you configure it, not on the objects below.

SeeWishOption: B

Tested in lab. Answer is B Propagation is needed for both

kijkenOption: D

only first line needs propagation

VMwareGuy123Option: B

I also opt for option B. What is the point of setting the permission only on the cluster object without propagation? There can be many objects under a cluster (resource pools, hosts, VMs), etc. I don't want to have to set permissions on them separately. Definitely B!

VMwareGuy123Option: B

Can someone explain: Why not B?

pepi_5121Option: D

https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-esxi-vcenter-801-security-guide.pdf

KlklejdaOption: D

Yes propagation is needed, but for global permissions only, and then it propagates to vcenter permissions. So I think is D https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-esxi-vcenter-801-security-guide.pdf