Solved: ESX 3.5 - Admin roles - virtual machines administr...

Dandan712 · ‎06-23-2008

Hi everyone,

I run ESX 3.5 and virtual center 2.5

I need to delegate administration ( to a colleague, let's call him John ) for a specific virtual machine, let's call it VM1.

What I did fist was to create a user id John , in the Virtual center server .

Then I provided John with the 'Virtaul machine Administrator' admin Role .

Then, I added this permission to the VM1 virtual machine.

Then, John is able to open his Virtual Center interface, using his own login id .

He is able to do almost everything he should be able to with VM1... : start, stop, standby, edit and modify the VM1settings, such as memomy, cpu, NIC, etc etc

I say almost everything because here is where the problem comes: When he edits the settings for VM1,anf then clicks on the hard drives, he gets the message: ' Exception of type 'Vmomi.Fault.NoPermission' was thown'

So, at first, I thought I had forgotten to add a specific access rights. So I checked and found out the needed privileges were already provided to this role ( that is to say: Virtual Machine / Configuration / remove or Add new disk, add existing disks, etc )

I must say that there is no problem to remove disks, and also to add new disks. That works. The only issue if when I click on the disk to edit and modify its settings, such as : size, or type: persistent, etc.

Any idea ?

Many thanks

Dan

admin · ‎06-23-2008

Since VM's are stored in a datacenter or a VM folder, the user also needs privileges at one of those levels for deleting or adding disks.

Adding permission directly on the VM does not propagate those permissions to objects such as VM folder and datacenter.

See the following doc for more info:

e.g. extract from page 6 of the doc:

Configuration > Add New Disk

A destination folder of virtual machines in the datacenter; a folder containing a datacenter, or the datacenter

itself if you do not use folder-based organization.

View solution in original post

Dandan712 · ‎06-23-2008

I'm sorry: I forgot to tell the most important issue: I cannot remove hard disks ... ( although the right privilege is there : Virtual Machine / Configuration / remove disk )

Texiwill · ‎06-23-2008

Hello,

First thing to consider, do you really want John to be able to modify the state of the VMDK i.e. go independent, if you do you loose the ability to do standard backups of the VM using snapshots, etc. To remove a disk you may also need Datastore->Remove File permissions.

However, you may have uncovered a bug. I would open a case with your VMware Support Representative. if you have the all those permissions enabled things should work as expected.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

ejward · ‎06-23-2008

I had this same issue with VC 2.1. I opened up a ticket with Vmware. Their solution was to give the person datastore rights all the way down the tree. Although I don't think it fixed the issue, it made the problem go away. If that makes any sense. When I migrated to VC 2.5 (I did a fresh install rather than an upgrade), I didn't have the problem. Permissions seem to be working the way I'd expect them to. Not that this helps you in any way but, I agree, open a call.

Dandan712 · ‎06-23-2008

actually, i'm already using VC 2.5, and the user already has datastore rights for the involved VM.

How do you open a ticket with vmware ?

ejward · ‎06-23-2008

Or you can call 877 486 9273

I assume you're in the US.

williamarrata · ‎06-23-2008

Go to this page and you'll see all the contact numbers.

Hope that helped.

Hope that helped. 🙂

admin · ‎06-23-2008