VMware Cloud Community
APJ7033
Enthusiast
Enthusiast

VRO 7.6 and VC 6.5 Permissions

Hi

I am trying to lock down my what my VRO user can do. Basically I only want it to be able to all host related actions (join vc, networking, adv config setting etc.). I thought it would be a simple. I seem to be mistaken. Here what I have

  1. VC instance added to VRO using administrator@vphere.local account using session per user
  2. In the VRO control center I have configred an AD group as the Admin group  - GROUP1
  3. I have vsphere.local as my default tenant (VRO won't let me select my AD domain as default tenant)
  4. I can login to VRO using the user account - USER1 - that is part of the GROUP1
  5. I have create a folder on my VC and at the folder level permissioned USER1 with the Administrator Role
  6. I log on the VRO using USER1 and run a custom workflow to add a standalone host and I get "permission to perform this operation was denied"
  7. I run the built workflow to add a standalon host and it works
  8. I have logged on to the VC with USER1 and I am able to add a Host

What am I missing, my custom workflow is alomst an exact copy of the built in workflow.

Tags (1)
Reply
0 Kudos
1 Reply
APJ7033
Enthusiast
Enthusiast

Ok so I found the source of my problem, should have RTFM-ed

To join a host to vCenter you need to have rights to the VM's and Templates Folder, I gave my user Read-Only access and things seems getting past my initial issue now

Reply
0 Kudos