I'm having major issues with the 6.5 permissions in the Flash client.
I have a 6.5 VCSA with local SSO and database (all on same appliance).
I have certain users (in Win2012R2 AD groups) that need permissions at lower levels in each of the structures:
- separate datastores
- separate VMs and Templates view
- separate Host Cluster
- separate Distributed Network
I've given the users in their respective areas administrative rights from there down.
I also went into the vCenter and Datacenter and added "Read Only" permissions for these AD groups without propagation.
When these users try to create new VMs, none of their Datastores are available for selection.
They are, however, able to browse through the Datastore and register existing VMs.
The curve ball....
All of these features work fine if they select the HTML5 client instead of the Flash client...