esxcli system permission set --id='smb4\on' --role=Admin
or:
esxcli system permission set --id='smb4\Domain users' -g --role=ReadOnly
where -g indicates a group permission. Note: permissions created from the command-line interface do not show in the web interface. Use the command esxcli system permission list to see the active permissions.
Every user on the domain must be granted read permission on the system before they can have higher permission on a dedicated VM:
vim-cmd vimsvc/auth/entity_permission_add vim.Folder:ha-folder-root "SMB4\domain^users" true "Browse Datastore" true
The role Browse Datastore must have been created (see below) before granting the permission.
Note: We cannot use the esxcli command for a role that is not a system role.
Permissions on a virtual machine can be set using the web interface; the name of a domain user is of the form smb4\st123456.
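Since permissions created from the command line do not show in the web interface, the active list has to be reviewed from the shell. The script below is an added example, not part of the original page: it checks the Admin grants against an allowlist. The function names, the allowlist, and the CSV column names (Principal, IsGroup, Role, as assumed for esxcli --formatter=csv system permission list) are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: input is the output of
#   esxcli --formatter=csv system permission list
# with a header row that names the columns Principal, IsGroup and Role.

# Constructed sample output (layout assumed, values invented for the demo).
sample_permissions() {
    cat <<'EOF'
IsGroup,Principal,Role,RoleDescription,
false,dcui,Admin,Full access rights,
false,root,Admin,Full access rights,
false,vpxuser,Admin,Full access rights,
false,smb4\on,Admin,Full access rights,
false,smb4\st123456,Admin,Full access rights,
true,SMB4\Domain users,ReadOnly,Read-only access,
EOF
}

# audit_permissions ALLOWLIST   (CSV on stdin, fields assumed free of commas)
# ALLOWLIST is a '|'-separated list of principals allowed to hold Admin.
# Prints one line per unexpected Admin grant; exit status 1 if any was found.
audit_permissions() {
    # Pass the allowlist through the environment: awk -v would interpret
    # the backslash in DOMAIN\user as an escape sequence.
    ALLOWED="$1" awk -F',' '
    NR == 1 {
        for (i = 1; i <= NF; i++) col[$i] = i          # locate columns by name
        if (!(("Principal" in col) && ("Role" in col) && ("IsGroup" in col))) {
            print "ERROR unexpected header: " $0; bad = 2; exit
        }
        n = split(ENVIRON["ALLOWED"], a, "|")
        for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1 # domain names: ignore case
        next
    }
    $(col["Role"]) == "Admin" {
        p = $(col["Principal"])
        kind = ($(col["IsGroup"]) == "true") ? "group" : "user"
        if (!(tolower(p) in ok)) { print "UNEXPECTED-ADMIN " kind " " p; bad = 1 }
    }
    END { exit bad + 0 }
    '
}

# Demo run on the constructed sample; on a host, pipe the esxcli output instead.
sample_permissions | audit_permissions 'root|dcui|vpxuser|smb4\on' || true
```

Permissions added with vim-cmd for non-system roles are not covered by this check unless they appear in the same list.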
Local roles
These are the roles that are defined on CSIM ESXi servers.
vim-cmd vimsvc/auth/role_add "Browse Datastore" Datastore.Browse System.Anonymous System.Read System.View
vim-cmd vimsvc/auth/role_add "One Virtual Machine" Datastore.Browse System.Anonymous System.Read System.View \
    VirtualMachine.Config.AddRemoveDevice VirtualMachine.Config.EditDevice VirtualMachine.Config.Settings \
    VirtualMachine.GuestOperations.Execute VirtualMachine.GuestOperations.Modify VirtualMachine.GuestOperations.Query \
    VirtualMachine.Interact.AnswerQuestion VirtualMachine.Interact.Backup VirtualMachine.Interact.ConsoleInteract \
    VirtualMachine.Interact.CreateScreenshot VirtualMachine.Interact.DeviceConnection VirtualMachine.Interact.DnD \
    VirtualMachine.Interact.GuestControl VirtualMachine.Interact.MakePrimary VirtualMachine.Interact.Pause \
    VirtualMachine.Interact.PowerOff VirtualMachine.Interact.PowerOn VirtualMachine.Interact.Record \
    VirtualMachine.Interact.Replay VirtualMachine.Interact.Reset VirtualMachine.Interact.SetCDMedia \
    VirtualMachine.Interact.SetFloppyMedia VirtualMachine.Interact.Suspend VirtualMachine.Interact.ToolsInstall \
    VirtualMachine.Inventory.Create VirtualMachine.Inventory.Delete VirtualMachine.Inventory.Move \
    VirtualMachine.Inventory.Register VirtualMachine.Inventory.Unregister VirtualMachine.State.CreateSnapshot \
    VirtualMachine.State.RemoveSnapshot VirtualMachine.State.RenameSnapshot VirtualMachine.State.RevertToSnapshot