VMware vSphere 8.x Professional — Question 88

An administrator is tasked with allowing a single user the ability to take snapshots on a virtual machine. When looking in vCenter, the administrator can see that there are already users and groups assigned permissions on the virtual machine as follows:

• The group VM_Users has the Virtual Machine Power User role.
• The group VM_Viewers has the Read Only role.

The administrator confirms that the user requesting the additional access is currently one of five members of the VM_Viewers group.

Which two steps should the administrator take to grant this user the additional access required without impacting the user access of others? (Choose two.)

Answer options

• A. Add the user to the VM_Users group and leave the permissions on the virtual machine object unchanged.
• B. Add a new permission on the virtual machine object selecting the user and the new custom role.
• C. Edit the Read Only role to add the Virtual Machine Snapshot Management privileges.
• D. Create a new custom role with the Virtual Machine Snapshot Management privileges.
• E. Add a new permission on the virtual machine object selecting the VM_Viewers group and the new custom role.

Correct answer: B, D

Explanation

The correct answers are B and D because adding a new permission specifically for the user with a custom role that includes snapshot privileges directly grants the necessary access without altering the existing group permissions. Option A would change the user's access level affecting the group dynamic, while C would impact all users in the VM_Viewers group by modifying their role. Option E would not provide the individual user with the needed access since it applies to the entire group.