Hi all,
I'm developing an application using vSphere SDK for Perl, but I'm struggling with the following problem:
Let's say we have 2 users: A and B. Both have accounts on ESXi. Each user is assigned his own datastore.
When A connects to ESXi by VI Client to upload files to his datastore, he can browse B's datastore and even delete B's files.
What I want is that A can browse only his own datastore.
Anyone have ideas how to do it by using vSphere SDK? Please help!
Best regards,
Anh-Tu
I've not played with this specifically, but I think you would just use setEntityPermission with the specific user/role applied to a specific datastore.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
I've tried to use SetEntityPermission on a reference of datastore but I got an error:
SOAP Fault:
-----------
Fault string: A general system error occurred:
Fault detail: SystemErrorFault.
What I did is:
1. Get a reference on a datastore "DS9":
my $ds_name = "DS9";
my $ds_view = GetDsView($ds_name);

# Return the view of the accessible datastore with the given name, or undef.
sub GetDsView {
    my ($ds_name) = @_;
    my $dc = Vim::find_entity_views(view_type => 'Datacenter');
    # Collect the datastore references of every datacenter.
    my @ds_array = ();
    foreach (@$dc) {
        @ds_array = (@ds_array, @{$_->datastore}) if defined $_->datastore;
    }
    my $ds_views = Vim::get_views(mo_ref_array => \@ds_array);
    foreach my $datastore (@$ds_views) {
        if ($datastore->summary->accessible) {
            if ($datastore->summary->name eq $ds_name) {
                return $datastore;
            }
        }
    }
    return;
}
2. Set entity permission on datastore for user "user1" with role "Admin":
my $auth_mgr = Vim::get_view(mo_ref => Vim::get_service_content()->authorizationManager);
my $permission = Permission->new(principal => "user1",
                                 group     => 'false',
                                 roleId    => FindRoleID($auth_mgr, "Admin"),
                                 propagate => 'true');
my @permissions = ($permission);
eval {
    # The permission parameter takes an array reference, not a flattened list.
    $auth_mgr->SetEntityPermissions(entity => $ds_view, permission => \@permissions);
};
Please help me!
Make note at the bottom of the document: this was tested only on ESX(i) 4.0 with vCenter 4.0.
=========================================================================
William Lam
I've tested the script on my ESXi 3.5 Update 3 without vCenter and I got the same error:
C:\Program Files\Apache Software Foundation\Apache2.2\htdocs>perl setUserDatastorePermission.pl --server 192.168.29.128 --username root --datastore 9 --rolename Admin --user anhtu
Enter password:
Searching for rolename: Admin...
Applying role: "Admin" to user: "anhtu" on datastore: "9"
Error:
SOAP Fault:
-----------
Fault string: A general system error occurred:
Fault detail: SystemErrorFault
The reason for this might be that I don't have vCenter?
So there are two requirements for this: datastore permission was only recently introduced in vSphere 4.0, along with network permissions. This was not something that was available in VI 3.5, and these permissions were maintained at the vCenter server, so you would need to be running vSphere 4.0 (ESX/ESXi and vCenter) for this to work.
=========================================================================
William Lam
Ok, I get it. Thanks for this helpful information.
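The requirement William Lam describes above (vCenter, version 4.0 or later) can be checked before the permission call, so the script stops with a clear message instead of a SystemErrorFault. This is an added example, not code from the thread or from the script linked in it; it assumes the vSphere SDK for Perl is installed, and the option names and the `bail` helper are chosen here for illustration.

```perl
# Added example, not from the thread. Assumes the vSphere SDK for Perl is
# installed; the option names --datastore, --user, --rolename are chosen here.
use strict;
use warnings;
use VMware::VIRuntime;

Opts::add_options(
    datastore => { type => '=s', help => 'Datastore name', required => 1 },
    user      => { type => '=s', help => 'User to grant',  required => 1 },
    rolename  => { type => '=s', help => 'Existing role',  required => 1 },
);
Opts::parse();
Opts::validate();
Util::connect();

# Hypothetical helper: disconnect and stop with a message on any failure.
sub bail { my ($msg) = @_; Util::disconnect(); die "$msg\n"; }
# Pre-flight: datastore permissions are kept by vCenter, version 4.0 or later.
my $content = Vim::get_service_content();
my $about   = $content->about;
my ($major) = $about->version =~ /^(\d+)/;
bail("Connected to " . $about->apiType . " " . $about->version
   . ": datastore permissions need vCenter 4.0 or later")
    unless $about->apiType eq 'VirtualCenter' && defined $major && $major >= 4;

my $auth_mgr = Vim::get_view(mo_ref => $content->authorizationManager);

# Resolve the role name to its numeric roleId from the server's role list.
my ($role) = grep { $_->name eq Opts::get_option('rolename') }
             @{ $auth_mgr->roleList || [] };
bail("Role not found: " . Opts::get_option('rolename')) unless $role;

# From 4.0 on a datastore is a managed entity and can be looked up by name;
# the name is compared again so a loose filter match is never granted on.
my $ds = Vim::find_entity_view(view_type => 'Datastore',
             filter => { 'name' => Opts::get_option('datastore') });
bail("Datastore not found: " . Opts::get_option('datastore'))
    unless $ds && $ds->name eq Opts::get_option('datastore');

my $perm = Permission->new(principal => Opts::get_option('user'),
                           group     => 'false',
                           roleId    => $role->roleId,
                           propagate => 'true');
# The permission parameter is an array reference.
eval { $auth_mgr->SetEntityPermissions(entity => $ds, permission => [$perm]); };
bail("SetEntityPermissions failed: " . (ref $@ ? $@->fault_string : $@)) if $@;

# Read back what is now set directly on the datastore.
my $set = $auth_mgr->RetrieveEntityPermissions(entity => $ds, inherited => 'false');
printf "%s -> roleId %d\n", $_->principal, $_->roleId for @{ $set || [] };
Util::disconnect();
```

Run against a standalone ESXi host, the pre-flight check reports the apiType and version it found and exits before any permission call is made.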