VMware Cloud Community
schofies
Contributor
Contributor
‎10-15-2016 08:16 PM

Error in (Workflow.SS Run program in guest / Scriptable task (item1)#15) Permission to perform this operation was denied.

newbie to vRO troubleshooting.  Not sure where to look.  I have a linux based vm with a local shell script. 

Is this a vCenter permission being denied?  I have a limited user access to vCenter for vRA permissions (not sure that matters)

When I run the workflow within vRO, I can reproduce

Embedded vRO instance running on a vRA 7.1 appliance.

When I manually run the script, located on my guest with parameters, it works.

I retyped the password in the attribute on the workflow.  It was migrated using Code Stream Houdini from one vRO instance to another.

0 Kudos
2 Replies
iiliev
VMware Employee
VMware Employee
‎10-16-2016 03:24 AM

Yes, this error is thrown by vCenter.

According to vSphere API documentation http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.wssdk.apiref.doc/vim.vm.guest.ProcessManager.... the user attempting to start a program in the guest should have VirtualMachine.GuestOperations.Execute privileges on the virtual machine.

So first thing to figure out is how your vCenter plug-in is configured in vRO - using a 'session per user' mode or in 'shared session' mode? If with 'session per user', then when you start the workflow within vRO it will connect to vCenter with the user logged in vRO; if with 'shared session', then the workflow is executed on behalf on some shared account with different permissions than yours.

Once you figure out the user, you can check with your vCenter admin whether this user has the aforementioned permission for the virtual machine used as input parameter in the workflow run.

The other thing to check for more information/error details are the logs. vRO logs can be found under /var/log/vco/app-server/; for vCenter logs you may contact your vCenter admin.

0 Kudos
schofies
Contributor
Contributor
‎10-16-2016 10:11 AM

Thanks for the detailed response.  I'll check on Monday.  This is exactly what i was looking for.   l'm newer to vRO and using my use case to help get better af vRO.  It's a blueprint within vRA 7.1, deploys a Photon image and adjusts Photon via a Event broker event (MachineActivated) to run a workflow, which collects the data from "payload" data, calls a script.    My environment has a restricted user in vCenter (followed a best practice guide somewhere, must have missed this permission). 

Steve

0 Kudos