Some weeks ago, a customer has reverted by mistake a snapsoht taken on a domain controller, that was some months old… Obviously Active Directory, replicated on another VM, has started working badly, and it took us several days f hard work on the AD database (using adsiedit and other tools…) to make everything work again.
That case showed again the importance of assigning limited rights to cVenter users, and avoid using always the original administrator user. Some activities like snapshots management, if not clearly known by the sysadmin, can lead to painful damages.
Also, vCenter has some pre-configured roles, easily assignable to users. About snapshots, obviously Administrator is authorized to manage snapshots completely:
Using instead a role like Virtual Machine User, we will remove the ability to manage snapshots (and to do damage!):
Finally, besides preconfigured roles, we can create our own roles enabling/disabling the options.