Permissions on Resource Pools and single VM

str1ker · ‎11-07-2008

Hi Folks.

As some of you (at least the free ESXi Users, like me) might have noticed, with the recent ESXi 3.5U3 - Update, it is finally possible to grant Permissions on Resource Pools w/o VirtualCenter.

So I did a little testing and came across a strange situation:

My aim is to grant an user permissions to a whole resource pool and one (or more) single VMs, which are not part of that pool. But I do so, the VMs outside the pool vanish.

It works fine, if I just assign permissions on single VMs, which might also be located in different resource pools. For the user only this particular VMs are visible, which is very good. But as soon as I grant a permission on a resource pool, all the VMs with permissions in other pools vanish. Only exception are VMs outside of any pools. A Workaround is to grant read-only on the whole host, but this also makes other VMs and Pools visible. Is there any other possibility or am I missing something ?

RParker · ‎11-07-2008

You must be using cross group permissions, one group has access to the pool (inherited from the top level of the server) and then you give them access as part of another group on individual VM's which doesn't have access, and that's why they dissapear. It's conflicting with earlier groups.

If you grant permission to 1 VM, then MOVE it to the resource pool, does it dissapear then?

And no you should not have to grant access to read only to the entire server (although that would work, just tell it not to propagate).

FYI this fucntionality was introduced in ESX U2

All

Permissions on Resource Pools and single VM