I want certain users can only shutdown, restart, power on, power off on both VM and ESXi. no other options should be enable for this group of people. how can i achiever it. I tried to create new role. only im able to achieve on VM level power on, power off , suspend and reset. but shutdown guest and restart guest are still greyed out. Similarly not even a single option achieved for host level. so how to do it?
Where can i find these options?
Hi,
what version are you using? I rebuild this with a test role and add the following permissions to the group.
Host --> Configuration --> Power
Virtual Machine --> Interaction --> Power On
Virtual Machine --> Interaction --> Power Off
With this permission, i am able to power of, power on and shudown restart VM and shutdown, restart hosts.
Tested on vSphere 6.5 and WebClient.
Frank
Hi,
I did the following setting on vSphere 6.5 and I'm able to power on/Off Shutdown from WebClient. But I can't shutdown by pressing <F12> Shutdown/Restart from yellow color main login screen . It tell me "User does not have permission to login to DUCI. Could you help me?
Host --> Configuration --> Power
Virtual Machine --> Interaction --> Power On
Virtual Machine --> Interaction --> Power Off
Is it possible to post screenshot of how you are trying the scenario?
Regards
Lokesh
Hello Jim,
your solution works only with the webclient.
I have tha same problem of AungAungLay. I also add the user into "Manage Permission" of "Actions" menu (not only into the "Security and users") but the error message when I try to logon by F12 into the host is "User does not have permission to login to DUCI". I don't want to give the root password to the user; the Network could be down and the webclient doesn't work so the only way to shutdown the host is by the <F12>. It seems I have to disable the Lockdown mode but I would try other ways.
Have any suggestions?
Really many thanks in advance.
Ciao!
I found myself the solution. I simply added the user with PowerOff&PowerOn roles to the key "DCUI.Access" in "Advanced settings"
Ciao!
Hi there,
sorry I do know this is quite an old topic, but I do have the same issue with ESXI 6.7.
I just want the user to be able to start / reboot / shutdown specific VMs without even seeing other VMs.
I've set the permissions like this for a group "just reboot"
If I login with the created user I do only see the VMs the user is supposed to see. So far so good. But if I klick on one of the VMs or try to mark a VM this happens:
Any ideas?
Hello,
Please create a new thread and reference this one (vs. reviving an old thread).
To answer your question: You are able to start and stop a virtual machine using the role explained in this post. The authentication dialog you're seeing in the vSphere web client is spawned when the vSphere client refreshes its view. The VM will shut down and start up without you doing anything with the authentication dialog. To test this:
Sign into vSphere/ESXi client with one browser session.
Open an incognito browser window and sign in again to vSphere/ESXi, this time as your limited power on / power off user.
Using the power on/off user browser window, shut down a VM. Don't acknowledge the Sign In authentication dialog.
Watch the same VM from the regular browser window (the one signed in with your full access credentials). You'll see an Action item for shutdown, and the VM will shut down.