Hi,
For me, the best option is to integrate your vSphere environment in Active Directory or other LDAP.
By doing this you define vSphere permissions to Active Directory security groups.
But be careful, permissions on vSphere can be desctructive if they are not well designed.
How permissions work in vSphere?
In the vSphere client, you can only assign permissions on VMs or folders only from "VM and templates" view. Of course, if you're familiar with PowerCLi, you can do it also via this tool.
You need to understand the permissions mechanisms in vSphere that is composed of the following components:
Privileges
Roles
Permissions
Security Group
In a practical way, you define a role where you configure different privileges (be very careful with the one you select). Then, you define permissions on a folder or VM by defining which role you will link to an Active Directory security group and done!
If you are not familiar with this procedure, I suggest you to create a lab and test it.
You can find an alternate documentation for this here: VMware vSphere 5.1
Hope it will help,
Regards,
Michaël