Which type of access should be granted to these junior administrators?

A cloud administrator wants to restrict Junior administrators to creating, deleting, and managing virtual machines in the Development folder In the VMware Cloud on AWS vCenter Server instance.

Which type of access should be granted to these junior administrators?

A. CloudAdmln role and global permissions

B. CloudAdmin role on the Development folder

C. Administrator role on the Development folder

D. Administrator role on the cloud vCenter Server instance

View Answer

Answer: B

Explanation:

This role is designed to give administrators access to manage virtual machines, networks, and other settings within the folder. The CloudAdmin role will also give the junior administrators access to all global permissions that are associated with the Development folder.

"The CloudAdmin role is designed to give administrators access to manage a single folder. This role grants access to manage virtual machines, networks, and other settings within the folder. Additionally, this role grants access to all global permissions that are associated with the folder. For example, if the folder has global permissions that allow users to create or delete virtual machines, the CloudAdmin role will grant access to those permissions within the folder."

The CloudAdmin user can grant other users or groups read-only access to VMware Cloud on AWS vCenter management objects such as the Mgmt-ResourcePool, Management VMs folder, Discovered Virtual Machines folder, vmc-hostswitch, and vsanDatastore. Because this read-only access does not propagate to management objects, you cannot grant it as a Global Permission and instead must explicitly grant it for each management object. VMware Cloud on AWS runs a script once a day that updates any newly-created management objects (such as objects in a new cluster) so that the CloudAdmin user and CloudAdminGroup SSO group have the updated role applied. The script itself does not grant additional access to any user or group, so you’ll need to wait until it completes before the CloudAdmin can use this workflow to grant read-only access to those objects.

Reference: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-06B8A15B-4BE9-4236-8BEA-3F4F7C55D87A.html