vicfg-user - manage users and groups
vicfg-user <conn_options> -e <user | group> -o <add | modify | delete | list> [options]
Note: The syntax of this command differs from other vSphere CLI commands.
An ESX/ESXi system grants access to its resources when a known user with appropriate permissions logs on to the system with a password that matches the one stored for that user. The vicfg-user command supports creating, modifying, deleting, and listing local direct access users and groups of users on an ESX/ESXi host. You cannot run this command against a vCenter Server system.
User management is discussed in detail in the ESX Configuration Guide, the ESXi Configuration Guide, and the Basic System Administration document.
Comma-separated list of groups to add the user to.
Comma-separated list of users to add to a specified group.
Specifies the target server and authentication information if required. Run
for a list of all connection options.
Required. Entity to perform the operation on (user | group).
Prints a help message for each command-specific and each connection option. Calling the script with no arguments or with --help has the same effect.
Group name of the group.
Group ID of the group.
Login ID of the user.
Password for the target user.
UID for the target user.
User name for the target user.
Required. Operation to perform. Specify
Prompts for a password when you make a change to a user.
Comma-separated list of groups to remove the target user from.
Comma-separated list of users to be removed from the target group.
Role for the target user or group. Specify
Grant shell access to the target user. Default is no shell access. Use this command
to change the default, or to revoke shell access rights after they have been granted.
Valid values are
This option is supported only for ESX. The option is meaningless for ESXi.
The following examples assume you are specifying connection options, either
explicitly or, for example, by specifying the server, user name, and password.
vicfg-user --help for a list of common options including connection options.
Add a user with login ID user27:
vicfg-user <conn_options> -e user -o add -l user27 -p 27_password
Modify password, user ID, and user name for the user with login ID user27:
vicfg-user.pl <conn_options> -e user -o modify -l user27 -p 27_password -i <new user id> -n <new user name>
Add the user with user name user27 to a group test:
vicfg-user <conn_options> -e user -o modify -l user27 -g test
Assign the role read-only to user27 and prompt for a password.
vicfg-user <conn_options> -e user -o modify -l user27 --role read-only --promptpassword
Remove the user with user name user27:
vicfg-user <conn_options> -e user -o delete -l user27
Add group42 as a group:
vicfg-user <conn_options> -e group -o add -d group42 -D 501
Add a user "test" to group42:
vicfg-user <conn_options> -e group -o modify -d group42 -u test
Remove group group42
vicfg-user <conn_options -e group -o delete -d group42
List groups and users:
vicfg-user <conn_options> -e group -o list
List users in group42:
vicfg-user <conn_options -e group -o list -d group42
Add group group42, with group ID 501 and role read-only:
vicfg-user.pl <conn_options> --entity group --operation add --group group42 - -groupid 501 --role read-only