1 Reply Latest reply on Sep 14, 2017 6:21 AM by LucD

    vCenter NoAccess not affecting PowerCLI

    Marco_2_G Novice

      Hello everyone

       

      I am having a serious issue. We are running a dedicated vSphere environment for a customer. We have created a management resource pool for our vms (SRM, vCenter, PSC and so on) and put the datastores and network into folders on which we set NoAccess to the customers admin  and backup groups.

       

      In webclient that works well.

       

      However, the client noticed he is able to backup our vms as well. Upon further inspection, I learned that I can use a restricted user to normally browse our management datastore and list the vms in it.

       

      I seem to be missing some fundamental knowledge here. Do I have to edit an independent set of permissions for PowerCLI?

       

      Regards and thanks,

       

      MArco

        • 1. Re: vCenter NoAccess not affecting PowerCLI
          LucD Guru
          User ModeratorsvExpertCommunity Warriors

          No, PowerCLI has no permissions, it purely relies on the ones set on the vCenter.

          Did you already try setting the NoAccess on the root folder?

          You can get that with

           

          $rootFolder = Get-Folder -Name Datacenters

           

          Also note that there are 4 types of folders (Host & Cluster, VM & Template, Storage, Network).
          You will have to set permissions on all 4 of these.

          Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz