What are possible valid uses for the default No Access role in vCenter? (Choose two.)
A.
Restrict usage on a object for a member of a group assigned full permissions to the object
B.
Restrict access to sensitive VMs for helpdesk staff
C.
Restrict ESX Admins from managing specific hosts directly
D.
Restrict administrators from managing hosts via vCenter
AB are correct
Theoretically all correct. But why B, D correct?