An administrator revokes user permissions on an object in vCenter Server. At the time the permissions are revoked, the user is actively logged in to vCenter Server through the vSphere Cleint.
What is true regarding this scenario?
A.
The user immediately loses permissions on the object
B.
The user retains permissions on the object for up to 24 hours
C.
The user retains permissions on the object for up to 24 hours or unul the next time the user logs in to vCrnter Server
D.
The user retains permissions on the object unul the next time the user logs m to vCenter Server
Correct answer is B (read the note)
From page 92, vSphere Datacenter Administration Guide
ESX 4.1To remove users or groups from vCenter Server, you must remove them from the domain or Active Directory users and groups list.
If you remove users from the vCenter Server domain, they lose permissions to all objects in the vSphere environment and cannot log in again.
NOTE Users who are logged in and are removed from the domain keep their vSphere permissions until the next validation period. The default is every 24 hours.
Page61: http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-security-guide.pdf
NOTE Changes to permissions and roles take effect immediately, even if the users involved are logged in. The
exception is searches, where permission changes take effect after the user has logged out and logged back in.
The question refers to permissions in Vcenter server which will take place immeadiatly. If permissions are changed in the active directory domain, that is where 24 hours comes into play