User permissions without VC, can't demote a user

I am having some problems configuring user permissions for direct access to my VM host (not through VC).

I added a user at the host level with the administrative role and now I want to reduce his level of access. The problem I am having is no matter what I change his role to it still gives him full access.

I created a role called User which had rights only to perform changes on a VM. I then moved the user into the User group but he still maintains full privileges. If I go to the root of the tree (i.e. the host) and select a new role and click OK to propagate it tells me that :

“The permission for the user/group, User is inherited from the object, ha-folder-root. Modifying it for this object will create a new permission for this object, and not change the original permission.”

I then deleted the user but it is still listed and can still access the host. The delete option is now greyed out.

Any ideas on how I go about removing this user’s global access and limiting it to a few VMs as at the moment I have just had to change the password to something else ?

0 Kudos
0 Replies