Hi,
I couldnt' find a vMA specific discussion so I am posting here. Sorry if I missed it but searched for some time and couldn't find one.
I am a bit lost on the vMA and AD integration. Yes, it seems to work fine, I have joined it to our domain fine. The document stops short after adding it to the domain. It seems that any domain user can access the vMA once this is done?
So then, I guess the security on who can run commands against hosts is done through permissions on the vCenter itself and applying AD group permissions against the vCenter and hosts?
Or is there an additional method of controlling who can login to the vMA itself and what permissions the user has on the vMA?
And if any user can login to the vMA, and they can sudo ... are they not able to damage the vMA in some way by say deleting files or something? It seems like letting any user login is a bit of a security hole and should really be controlled to me, but would appreciate anyone guiding me on this.
Thanks
Bill