Information
Lockdown mode disables direct host access, requiring admins to manage hosts from vCenter. Set DCUI.Access to a list of highly trusted users who would be able to override lockdown mode and access the DCUI in the event an ESXi host became isolated from vCenter.
NOTE: If you disable lockdown mode using the DCUI, all users with the DCUI.Access privilege will be granted the Administrator role on the host.
Rationale:
The list prevents all admins from becoming locked out and no longer being able to manage the host.
Solution
To set a trusted users list for DCUI, perform the following from the vSphere web client:
Select the host.
Select 'Configure' -> 'System' -> 'Advanced System Settings'.
Type DCUI.Access in the filter.
Click on the attribute to highlight it.
Click edit.
Set the DCUI.Access attribute to a comma-separated list of the users who are allowed to override lockdown mode.
Click 'OK'.
References:
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-6779F098-48FE-4E22-B116-A8353D19FF56.html
Notes:
Note: By default only the 'root' user is a member of the DCUI.Access list. It is not recommended to remove root from the DCUI.Access list, as this will revoke the root user's admin privileges on the host.