1 Reply Latest reply on Sep 5, 2019 8:15 PM by APJ7033

    VRO 7.6 and VC 6.5 Permissions

    APJ7033 Novice

      Hi

       

      I am trying to lock down my what my VRO user can do. Basically I only want it to be able to all host related actions (join vc, networking, adv config setting etc.). I thought it would be a simple. I seem to be mistaken. Here what I have

       

      1. VC instance added to VRO using administrator@vphere.local account using session per user
      2. In the VRO control center I have configred an AD group as the Admin group  - GROUP1
      3. I have vsphere.local as my default tenant (VRO won't let me select my AD domain as default tenant)
      4. I can login to VRO using the user account - USER1 - that is part of the GROUP1
      5. I have create a folder on my VC and at the folder level permissioned USER1 with the Administrator Role
      6. I log on the VRO using USER1 and run a custom workflow to add a standalone host and I get "permission to perform this operation was denied"
      7. I run the built workflow to add a standalon host and it works
      8. I have logged on to the VC with USER1 and I am able to add a Host

       

      What am I missing, my custom workflow is alomst an exact copy of the built in workflow.