VMware Cloud Community

Segregating permissions


We are trying to segregate the level of access each team inside of IT will have to the VMs in our SDDC, and for the time being we are having problems implementing permissions for a set of users who should:

1) Convert a Template to a VM

2) Console interaction of the VM

3) Connect/disconnect network to the VM

4) Convert VM back into a template. 

This is basically a team who manages/updates our templates on the vCenter.

We have currently provided the following permissions:

Virtual machine

  • Edit Inventory
      • Create from existing
      • Create new
      • Move
      • Register
      • Remove
      • Unregister
  • Interaction
      • Console interaction
      • Power off
      • Power on
  • Provisioning
      • Allow disk access
      • Allow file access
      • Allow read-only disk access
      • Create a template from the virtual machine
      • Deploy template
      • Mark as template
      • Mark as a virtual machine
      • Read customization specifications

However, when we try to convert a template to a VM, at the first step, we don't see any host or cluster to select. 

I am not sure what permissions are needed for us to select a host/cluster/datastore. 

Can you please help us out?

Thanks in advance!



1 Reply

I am not sure what permissions are needed for us to select a host/cluster/datastore.

Try temporarily elevating the team's permissions to a higher level (such as Administrator role) to test if the issue persists. If the actions work with elevated permissions, it could indicate missing specific permissions.
