I have just upgraded to Virtual Center 2.5. I have users that cannot browse to the ISO datastore under the CD/DVD configuration without giving them Administrator access at the DataCenter level. They currently have Virtual Machine Administrator permissions and I have even tried giving them Administrator access at this level without success. It has to be at the top level in order for them to browse the datastore. I've read that this is a known bug but, I have not found a resolution that works. Any info would be greatly appreciated.
Hello,
To where are you trying to browse? Somewhere on the server or somewhere on a VMFS/NFS datastore?
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization
On vmfs luns that reside on our SAN
By default, if you assigned Virtual Machine Administrator role, it will default to all 3 datastore permissions and "browse datastore" is checked. Can you double check using "VI Client" click on "Permision" and select "Virtual Machine Administator" and expand "Datastore" to see if "browse datastore" is check or unchecked by accident. What's your current role and were you able to browse datastore as well?
If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!
Regards,
Stefan Nguyen
iGeek Systems LLC.
VMware, Citrix, Microsoft Consultant
Vm Admin role is assigned and the Browse Datastore is selected. You also need Device Connection selected which is done by default under Virtual Machine>Interaction>Device Connection. While all of these are selected by default it still will not allow users to browse the Datastore ISO file when accessing Editing Settings>CD/DVD Drive. If I create a local user on the Virtual Center server I am able to assign Virtual Machine Power User and they are able to browse fine. Power User is the minimum privledge needed to perform this function. Only a top level Administrator has the permissions needed to browse. As a temporary fix I will create a local user for the few adminstrators that need this function and assign accordingly. I have a case open with Vmware and waiting to hear a response.
I will post any results that I find. Thank you for your reply.
Did you ever get a resolution for this problem? I am having the same exact problem. Thanks.
We are opening a case with vmware but if you add a role with "browse datastore" rights and give access to all your users at the highest level in Vcenter (removing the propagate option to avoid problems).
That did the trick for us
It appears that after upgrading to vsphere 4 that the Browse Datastore rights do not get given by default to the previous admins
Just edit the rights under roles and give yourself Browse and File access.