VMware
vSphere SDK for Perl:

This Question is Not Answered

1 "correct" answer available (10 pts) 1 "helpful" answer available (6 pts)
6 Replies Last post: Oct 8, 2009 7:04 AM by Dexxt0r  

Set permission on a particular datastore on ESXi posted: Oct 6, 2009 8:08 AM

Click to view Dexxt0r's profile Novice
Dexxt0r
8 posts since
Jul 6, 2009

Hi all,

I'm developping an application using vSphere SDK for Perl. But i'm struggling with the following problem:

Let's say we have 2 users: A and B. Both have accounts on ESXi. Each user is assigned his own datastore.

When A connects to ESXi by VI Client to upload files to his datastore, he can browse B's datastore and even delete B's files.

What i want is that A can browse only his own datastore.

Anyone have ideas how to do it by using vSphere SDK? Please help!

Best regards,

Anh-Tu


Tags: esxi, permission, vsphere_sdk_for_perl, datastore

Re: Set permission on a particular datastore on ESXi

1. Oct 6, 2009 7:41 PM in response to: Dexxt0r
Click to view lamw's profile Champion
lamw
2,813 posts since
Nov 27, 2007
I've not played with this specifically, but I think you would just use setEntityPermission with the specific user/role applied to a specific datastore.

=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at: http://engineering.ucsb.edu/~duonglt/vmware/
vGhetto Script Repository
VMware Code Central - Scripts/Sample code for Developers and Administrators
VMware Developer Comuunity
Twitter: @lamw

http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

If you find this information useful, please award points for "correct" or "helpful".

Re: Set permission on a particular datastore on ESXi

2. Oct 7, 2009 12:56 AM in response to: lamw
Click to view Dexxt0r's profile Novice
Dexxt0r
8 posts since
Jul 6, 2009
I've tried to use SetEntityPermission on a reference of datastore but i got error:
SOAP Fault:
* **** -----------*****
* * * * * Fault string: A general system error occurred:*****
* * * * * Fault detail: SystemErrorFault.*****

What I did is:

1. Get a reference on a datastore "DS9":

my $ds_name = "DS9" ;
my $ds_view = GetDsView($ds_name);
sub GetDsView {
my $dc = Vim::find_entity_views(view_type => 'Datacenter');
my @ds_array = ();
@ds_array = (@ds_array, @{$_->datastore});
my $ds_views = Vim::get_views( mo_ref_array => \@ds_array );
foreach my $datastore (@$ds_views) {
if ($datastore->summary->accessible) {
if ($datastore->summary->name eq $ds_name) {
return $datastore; } } }
}
2. Set entity permission on datastore for user "user1" with role "Admin":
my $auth_mgr = Vim::get_view(mo_ref => Vim::get_service_content()->authorizationManager);
$permission = Permission->new( principal => "user1",
group => 'false',
roleId => FindRoleID($auth_mgr, "Admin"),
propagate => 'true');
@permissions = ($permission);
eval {
$auth_mgr->SetEntityPermissions(entity => $ds_view, permission => @permissions);
};

Please help me!

Re: Set permission on a particular datastore on ESXi

3. Oct 7, 2009 9:15 PM in response to: Dexxt0r
Click to view lamw's profile Champion
lamw
2,813 posts since
Nov 27, 2007
Take a look at this script: setUserDatastorePermission.pl

Make note at the bottom of the document, this was tested only on ESX(i) 4.0 with vCenter 4.0


=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at: http://engineering.ucsb.edu/~duonglt/vmware/
vGhetto Script Repository
VMware Code Central - Scripts/Sample code for Developers and Administrators
VMware Developer Comuunity
Twitter: @lamw

http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

If you find this information useful, please award points for "correct" or "helpful".

Re: Set permission on a particular datastore on ESXi

4. Oct 8, 2009 12:50 AM in response to: lamw
Click to view Dexxt0r's profile Novice
Dexxt0r
8 posts since
Jul 6, 2009

I've tested the script on my ESXi 3.5 Update 3 without vCenter and i got the same error:

C:\Program Files\Apache Software Foundation\Apache2.2\htdocs>perl setUserDatasto
rePermission.pl --server 192.168.29.128 --username root --datastore 9 --rolename
Admin --user anhtu
Enter password:
Searching for rolename: Admin...
Applying role: "Admin" to user: "anhtu" on datastore: "9"
* Error:*
* SOAP Fault:*
* -----------*
* Fault string: A general system error occurred:*
* Fault detail: SystemErrorFault*

The reason for this might be that i don't have vCenter ?

Re: Set permission on a particular datastore on ESXi

5. Oct 8, 2009 7:01 AM in response to: Dexxt0r
Click to view lamw's profile Champion
lamw
2,813 posts since
Nov 27, 2007
So there are two requirements for this, datastore permission was only recently introduced in vSphere 4.0 along with network permissions. This was not something that was available in VI 3.5 and these permissions were maintained at the vCenter server, so you would need to be running vSphere 4.0 (ESX/ESXi and vCenter) for this to work.

=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at: http://engineering.ucsb.edu/~duonglt/vmware/
vGhetto Script Repository
VMware Code Central - Scripts/Sample code for Developers and Administrators
VMware Developer Comuunity
Twitter: @lamw

http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

If you find this information useful, please award points for "correct" or "helpful".

Re: Set permission on a particular datastore on ESXi

6. Oct 8, 2009 7:04 AM in response to: lamw
Click to view Dexxt0r's profile Novice
Dexxt0r
8 posts since
Jul 6, 2009
Ok, I get it. Thank for this helpful information :)

Actions

Developer SDKs & APIs

Developer Resources

Developer Social Media

Communities