Hi
I am trying to lock down my what my VRO user can do. Basically I only want it to be able to all host related actions (join vc, networking, adv config setting etc.). I thought it would be a simple. I seem to be mistaken. Here what I have
- VC instance added to VRO using administrator@vphere.local account using session per user
- In the VRO control center I have configred an AD group as the Admin group - GROUP1
- I have vsphere.local as my default tenant (VRO won't let me select my AD domain as default tenant)
- I can login to VRO using the user account - USER1 - that is part of the GROUP1
- I have create a folder on my VC and at the folder level permissioned USER1 with the Administrator Role
- I log on the VRO using USER1 and run a custom workflow to add a standalone host and I get "permission to perform this operation was denied"
- I run the built workflow to add a standalon host and it works
- I have logged on to the VC with USER1 and I am able to add a Host
What am I missing, my custom workflow is alomst an exact copy of the built in workflow.