SV-243076r719471_rule
V-243076
SRG-APP-000211
VCTR-67-000005
CAT II
10
To update a user's or group's permissions to an existing role with reduced permissions:
From the vSphere Client, go to Administration >> Access Control >> Global Permissions.
Select the user or group, click "Edit", change the assigned role, and click "OK".
If permissions are assigned on a specific object, the role must be updated where it is assigned (for example, at the cluster level).
To create a new role with reduced permissions:
From the vSphere Client, go to Administration >> Access Control >> Roles.
Click the green plus sign, enter a name for the role, and select only the specific permissions required.
Users can then be assigned to the newly created role.
From the vSphere Client, go to Administration >> Access Control >> Roles.
View each role and verify the users and/or groups assigned to it.
or
From a PowerCLI command prompt while connected to the vCenter server, run the following command:
Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto
The privileges required by each application service account and user should be documented.
If any user or service account has more privileges than required, this is a finding.
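One way to run this check against the documented privileges, as an added example that is not part of the STIG text: it flags every permission assignment that has no matching entry in a documented baseline. The function name Compare-PermissionBaseline, the baseline columns (Principal, Role, Entity) and all sample rows are assumptions constructed for illustration.

```powershell
# Added example, not from the STIG. Baseline format and sample rows are constructed.
function Compare-PermissionBaseline {
    param(
        [Parameter(Mandatory)] [object[]] $Actual,    # rows with Principal, Role, Entity
        [Parameter(Mandatory)] [object[]] $Baseline   # documented rows, same columns
    )
    # Case-insensitive set of documented Principal|Role|Entity assignments.
    $documented = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($b in $Baseline) {
        [void]$documented.Add(('{0}|{1}|{2}' -f $b.Principal, $b.Role, $b.Entity))
    }
    # Emit every live assignment that the documentation does not account for.
    foreach ($a in $Actual) {
        $key = '{0}|{1}|{2}' -f $a.Principal, $a.Role, $a.Entity
        if (-not $documented.Contains($key)) {
            [pscustomobject]@{
                Principal = $a.Principal
                Role      = $a.Role
                Entity    = $a.Entity
                Propagate = $a.Propagate
                IsGroup   = $a.IsGroup
                Status    = 'Undocumented - review'
            }
        }
    }
}

# Constructed baseline: what the site has documented as required.
$baseline = @'
Principal,Role,Entity
VSPHERE.LOCAL\Administrators,Admin,Datacenters
EXAMPLE\svc-backup,BackupOperator,Cluster01
'@ | ConvertFrom-Csv

# Constructed stand-in for live data. When connected to vCenter, use instead:
#   $actual = Get-VIPermission | Select-Object Principal, Role,
#       @{Name='Entity';Expression={$_.Entity.Name}}, Propagate, IsGroup
$actual = @'
Principal,Role,Entity,Propagate,IsGroup
VSPHERE.LOCAL\Administrators,Admin,Datacenters,True,True
EXAMPLE\svc-backup,Admin,Cluster01,True,False
EXAMPLE\jdoe,ReadOnly,Datacenters,True,False
'@ | ConvertFrom-Csv

Compare-PermissionBaseline -Actual $actual -Baseline $baseline | Format-Table -AutoSize
```

With the constructed data, the output lists EXAMPLE\svc-backup (holding Admin where BackupOperator is documented) and EXAMPLE\jdoe (not documented at all); each row still needs a reviewer to decide whether it is a finding.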
V-243076
False
VCTR-67-000005
M
5399