I'm reading over the Managing VMware VirtualCenter Roles and Permissions pdf, I'm also reading thru a book "esx server in the enterprise" yet I can't seem to find a solution or any mention of the problem.
Can someone please help with this irratating issue? Do you need more info? Please help!!
Follows a sample list of what privileges needed for performing conversions (w/o guarantee). Different privileges are needed for different situation, but this should be a kind of union of what is needed, may be a little more.
Thanks for the help, but there is alot of opions that I don't have. You must be using vSphere?
This is straight ESX 3.5.... Old school.. yes!
Tried to copy what I could from your screenshot. Save the new role, tried again.. Same error.
Thanks for trying!
I found a similar environment today (VC 2.5.0 with an ESX 3.0.3 in it) and tried it but didn't reproduce the error. What I am doing with permissions is the following:
- add user 'user' with 'read-only' role at datacenter level
- add user 'user' with 'Administrator' role at VM level
I was able to start a conversion of this VM with Converter 5.0. It does give an 'Unable to obtain hardware information for the selected machine' error when selecting another VM as source.
Then I added a role 'Converter' with the following privileges:
Datastore - Browse Datastore
Host - Local Operations - Create VM
Host - Local Operations - Delete VM
Virtual Machine (everything)
Reource - Assign VM to Resource Pool
and was successful again.
That basically works!
Thank you patanassov for you're continued assistance!
I was really trying not to have my user see any of the other ESX servers or VM's they dont have access too. When I tried to set no access on hosts and clusters, and then set admin role on the VM I saw the error. If I set hosts and clusters as you did everything works.
So the parent role that's on all the datacenter over rules what's done on the object? Think that's how it works.
Basically this has been addressed even tho I'm not 100% happy, but will mark as solved!
Hello again. Glad to read it has worked out 🙂
I have erroneously assumed you must have read-only permissions at datacenter level because I didn't see the VM at all in the inventory in host-and-clusters view (but it shows in VMs-and templates). I managed with your permissions setup to reproduce it in vSphere 5.0.
The additional trick is to add read only permissions on the VM network the source VM is assigned to. I suppose this should work also for VC 2.5.