VMware Cloud Community
jaheshkhan
Contributor
Contributor

role nd permission: only shutdown restart power on power off on both VM and ESXi host

I want certain users can only shutdown, restart, power on, power off on both VM and ESXi. no other options should be enable for this group of people. how can i achiever it. I tried to create new role. only im able to achieve on VM level power on, power off , suspend and reset. but shutdown guest and restart guest are still greyed out. Similarly not even a single option achieved for host level. so how to do it?

Where can i find these options?

8 Replies
JimKnopf99
Commander
Commander

Hi,

what version are you using? I rebuild this with a test role and add the following permissions to the group.

Host --> Configuration --> Power

Virtual Machine --> Interaction --> Power On

Virtual Machine --> Interaction --> Power Off

With this permission, i am able to power of, power on and shudown restart VM and shutdown, restart hosts.

Tested on vSphere 6.5 and WebClient.

Frank

If you find this information useful, please award points for "correct" or "helpful".
AungAungLay
Contributor
Contributor

Hi,

I did the following setting on vSphere 6.5 and I'm able to power on/Off Shutdown from WebClient. But I can't shutdown by pressing <F12> Shutdown/Restart from yellow color main login screen . It tell me "User does not have permission to login to DUCI. Could you help me?

Host --> Configuration --> Power

Virtual Machine --> Interaction --> Power On

Virtual Machine --> Interaction --> Power Off

Reply
0 Kudos
LokeshHK
VMware Employee
VMware Employee

Is it possible to post screenshot of how you are trying the scenario?

Regards

Lokesh

AungAungLay
Contributor
Contributor

Roles_PowerOnOff_2.jpgRoles_PowerOnOff_1.jpgusers.jpgAssign user&role for host.jpg

Reply
0 Kudos
laboratoriocrm
Contributor
Contributor

Hello Jim,

         your solution works only with the webclient.

I have tha same problem of AungAungLay. I also add the user into "Manage Permission" of "Actions" menu (not only into the "Security and users")  but the error message when I try to logon by F12 into the host is "User does not have permission to login to DUCI". I don't want to give the root password to the user; the Network could be down and the webclient doesn't work so the only way to shutdown the host is by the <F12>. It seems I have to disable the Lockdown mode but I would try other ways.

Have any suggestions?

Really many thanks in advance.

Ciao!

Reply
0 Kudos
laboratoriocrm
Contributor
Contributor

I found myself the solution. I simply added the user with PowerOff&PowerOn roles to the key "DCUI.Access" in "Advanced settings"

Ciao!

Reply
0 Kudos
mutex42
Contributor
Contributor

Hi there,

sorry I do know this is quite an old topic, but I do have the same issue with ESXI 6.7.

I just want the user to be able to start / reboot / shutdown specific VMs without even seeing other VMs.

I've set the permissions like this for a group "just reboot"

Bildschirmfoto 2019-10-06 um 05.39.24.png

If I login with the created user I do only see the VMs the user is supposed to see. So far so good. But if I klick on one of the VMs or try to mark a VM this happens:

Bildschirmfoto 2019-10-07 um 00.08.50.png

Bildschirmfoto 2019-10-07 um 00.08.45.png

Any ideas?

Reply
0 Kudos
nickathome
Contributor
Contributor

Hello,

Please create a new thread and reference this one (vs. reviving an old thread).

To answer your question: You are able to start and stop a virtual machine using the role explained in this post. The authentication dialog you're seeing in the vSphere web client is spawned when the vSphere client refreshes its view. The VM will shut down and start up without you doing anything with the authentication dialog. To test this:

Sign into vSphere/ESXi client with one browser session.

Open an incognito browser window and sign in again to vSphere/ESXi, this time as your limited power on / power off user.

Using the power on/off user browser window, shut down a VM. Don't acknowledge the Sign In authentication dialog.

Watch the same VM from the regular browser window (the one signed in with your full access credentials). You'll see an Action item for shutdown, and the VM will shut down.

Reply
0 Kudos