Restricting Access to Host Licensing Info

If you wish to restrict visibility to the licensing information on your host you need to create a custom role which:

1) Restricts access to this information on the Licensed Features screen
2) Disables any changes to the permissions and roles set up on the host

The following image shows that the test login is not able to view the license key for the host nor is the login able to Edit the licensing information. The role configured for this login at the host level is also not able to change permissions or modify the roles that have been configured.

Note: The license key for a host is stored in plain text in the file /etc/vmware/vmware.lic. Permissions on the file are set to only allow the root account access to view the contents of the file. However, changing a user’s permissions from the Administrator role to this custom role prevents Tech Support Mode access.

To accomplish this you need to create a custom role. For this example I cloned the Administrator role and then removed the following permissions:

Global > Licenses
Permissions > Modify permission
Permissions > Modify role
Permissions > Reassign role permissions

The login should then be assigned that role at the host level.

Leave a Comment

Your email address will not be published. Required fields are marked *