VMware Cloud Community
dsaydon
Contributor
Contributor
‎02-18-2016 05:42 AM

Permission to perform this operation was denied. Required privilege 'VirtualMachine.State.CreateSnapshot'

I'm trying to create a snapshot using the power cli

I added the relevant permissions (i think) to a user (from different domain). I can get lists for example: get-vm is working.

The issue is when I'm trying to create a snap shot I get the following error:

New-Snapshot : 2/18/2016 4:35:53 PM    New-Snapshot        Permission to perform this operation was denied. Required privilege 'VirtualMachine.State.CreateSnapshot'

on managed object with id 'VirtualMachine-vm-2566'.  

At line:1 char:27

+ Get-VM -Name $computer  | New-Snapshot -Name "BeforePatch" -Description "Before  ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [New-Snapshot], NoPermission

    + FullyQualifiedErrorId : Client20_VMServiceImpl_CreateSnapshot_ViError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewSnapshot

I also try to change the permission to Administrator to the user and I still get this error which is very wired.

the permissions on the role:

Name                                Description                

----                                -----------                                

Anonymous                           The only privilege held by sessions which have

View                                Visibility without read access to an entity. Th

Read                                Grants read access to an entity               

Create snapshot                     Create a snapshot                                

Revert to snapshot                  Make a snapshot current                          

Remove Snapshot                     Remove a snapshot                                 

Rename Snapshot                     Rename a snapshot                              

Any idea?

Tags (2)
0 Kudos
6 Replies
LucD
Leadership
Leadership
‎02-18-2016 06:14 AM

Can you create the snapshot with that same account from the Web Client ?

Are you saying that you gave the principal the Administrator role, and the message was still there ?

Not sure what you mean by "permission to Administrator", do you mean the role ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
dsaydon
Contributor
Contributor
‎02-18-2016 08:41 AM

Hi LucD,

I have vsphere 5.5 U2

I also tried to check this in the web client with the same issue.

I also try to check that the user (from another domain using sso) is not appear in other roles.

Permission to Administrator = change to role Adminstrator

0 Kudos
LucD
Leadership
Leadership
‎02-18-2016 09:33 AM

A wild guess, could that user be (or have been) a member of the local Administrators group on the vCenter ?

Does this only occur with that specific account ? Or with others that have the Administrator role ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
dsaydon
Contributor
Contributor
‎02-20-2016 04:26 AM

this user is not a member in the Administrators

This occur only in that user

to workaround this I created a user in the domain that the VCenter server is aa member and then The Admin role works.

Very wired the user from another domain is has this issue.

0 Kudos
LucD
Leadership
Leadership
‎02-20-2016 04:56 AM

Do other users from that other domain have the same issue ?

Did you add that other domain to the Default Domains ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
dsaydon
Contributor
Contributor
‎02-21-2016 05:56 AM

For my user for example I don;t have this issue

This Domain is not the default

0 Kudos