In which two vsphere.local groups should an administrator avoid adding members? (Choose two.)
The vsphere.local domain includes several predefined groups. Assign users to one of those groups to be able to perform the corresponding actions.
For all objects in the vCenter Server hierarchy, permissions are assigned by pairing a user and a role with the object. For example, you can select a resource pool and give a group of users read privileges to that resource pool by giving them the corresponding role.
For some services that are not managed by vCenter Server directly, privileges are determined by membership to one of the vCenter Single Sign-On groups. For example, a user who is a member of the Administrator group can manage vCenter Single Sign-On. A user who is a member of the CAAdmins group can manage the
VMware Certificate Authority, and a user who is in the LicenseService.Administrators group can manage licenses.