Information
Audit the list of users who are on the Exception Users List and whether the have administrator privleges.
In vSphere 6.0 and later, you can add users to the Exception Users list from the vSphere Web Client. These users do not lose their permissions when the host enters lockdown mode. Usually you may want to add service accounts such as a backup agent to the Exception Users list. Verify that the list of users who are exempted from losing permissions is legitimate and as needed per your enviornment. Users who do not require special permissions should not be exempted from lockdown mode.
http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-6CD8C2E3-7925-4706-8271-F42F2BCFF95D.html
http://blogs.vmware.com/vsphere/2015/03/vsphere-6-0-lockdown-mode-exception-users.html
Solution
From the vSphere web client, select host and click on "Manage" -> "Settings" -> "System" -> "Security Profile". Scroll down until "Lockdown Mode". Click "Edit" and then click on "Exception Users". Add or delete users as per your site requirements.