VMware Cloud Community
jpiscaer
Enthusiast
Enthusiast
‎07-29-2015 02:24 PM

vCenter 6 'Empty Inventory' due to permissions

I have a fully functional, completely working vCenter 6 environment. Admin users can log in and see the entire inventory, as they're supposed to.

However, I have a number of business users that need restricted permissions in a subfolder in the inventory. I have added a new role to vCenter with the permissions they need, and applied that role for that user to the specific subfolder.

Now: those users are not supposed to see any other folders in the inventory tree above of on the same level in the tree, just their own folder.

Before I upgraded to vCenter 6 (appliance), I had it working fine. With vCenter 6, this model broke: the users only see the 'empty inventory' text in the 'VMs and Templates' view.

Weird thing is: when that same user browses to 'vCenter Inventory Lists', clicks 'Virtual Machines', he sees his own (and only his own) VM and can interact with it in accordance with his permissions.

So it seems there's a new permission needed in vCenter to see only that part of the Inventory tree applicable to a specific user, but I (1) haven't found that permission yet and (2) wouldn't even know to which object in the tree to assign the permission

Any thoughts?

Cheers, Joep Piscaer VMware vExpert 2009 Virtual Lifestyle: http://www.virtuallifestyle.nl Twitter: http://www.twitter.com/jpiscaer LinkedIn: http://www.linkedin.com/in/jpiscaer **If you found this information useful, please consider awarding points**
24 Replies
Devastator126
Contributor
Contributor
‎03-28-2016 12:13 PM

I am also experiencing the same problem. However I have noticed I can get it working for one user and then when I got to apply the permissions to the second users it breaks the first user. We have been waiting on a call back for about two weeks now.

0 Kudos
LandonUMN
Contributor
Contributor
‎04-22-2016 07:45 AM

I have the exact same issue. We have a few dozen students with "Virtual machine user (sample)" permissions applied to their individual VMs. We had to apply Update 1 to fix this problem: VMware KB:    Users are unable to power on virtual machine with the Virtual Machine Power User role ...

to give them power access without granting them view access to all details on the host, cluster, data center and vCenter server up the tree (which is not appropriate access for students to our infrastructure, even if it is read-only). Then I emailed instructions on how to use the left menu/Navigator to find their VM. A couple days later, tickets come in that they no longer see their VMs but get an "Empty Inventory." With my test user, I could replicate both before and after.

The workaround for me was to tell everyone to search for their VM's name in the Search bar in the upper-right. That's letting them find and get access to their VM.

0 Kudos
emcKeith
Contributor
Contributor
‎06-15-2016 08:38 AM

- VCSA 6.0 U1 (build 3018523)

- Web client 6.0.0 (build 2997665)

- Fat client 6.0.0 (build 2741530)

- Two vsphere.local users

- User1 is granted full administrator permissions to their own already created resource pool, vm folder, datastore and port group.

- Logging in as user1 with web client, user has access to their RP, vm folder, datastore and port group as expected.

- Next, user2 is granted full administrator permissions to their own already created resource pool, vm folder, datastore and port group.

- Logging in as user2 with web client, user has access to their RP, vm folder, datastore and port group as expected.

- But, logging back in as user1 with web client, user1 sees "empty inventory" in all views

- No issues when using fat client, but that's not an option for end users.

- Following steps of setting read-only at DC level etc did not resolve issue

0 Kudos
Inny
Contributor
Contributor
‎07-12-2018 03:05 AM

In my case, running vCenter 6.0 U3, users were unable to view VM's to which they had "Virtual machine user (sample)" Permissions (Inherited to child items) through their containing folder.

The solution ended up being to assign them Read-only rights alongside their "Virtual machine user (sample)" Permissions (both Inherited to child items) through their containing folder.

In order to do this, I created a secondary Security Group SG_vCenter_Users with the primary Security Group SG_vCenter_VDI_Users as a Member.

It appears it was not necessary to add Read-only permissions at a higher level.

screenshot1.png

0 Kudos
REC007
VMware Employee
VMware Employee
‎07-12-2018 03:24 AM

I had the same issue and giving permission on the host level (read only) fixed the issue.

Looks like starting 6.0 we need to give permission at least on host level or VC level to view the object.

Hope this Helps!!!

Thanks!

0 Kudos