Information
Administrative users must only be assigned privileges they require. Least Privilege requires that these privileges must only be assigned if needed, to reduce risk of confidentiality, availability or integrity loss.
Solution
Create roles in vCenter with the required granularity of privilege for the organization's administrator types, and ensure that these roles are assigned to the correct, site-specific users. As a vCenter Server administrator, log into the vCenter Server with the vSphere Client. Go to 'Home>> Administration>> Roles' and create a role for each of the administrator privilege sets the organization requires and allows. Right click on each role name and select 'Edit'. Verify under 'All Privileges>> Virtual Machines' that only site-specific, required checkboxes are selected