Automation

 View Only

  • 1.  vCenter Permissions Required for Set-VM -HARestartPriority ?

    Posted Feb 18, 2014 01:20 PM

    Hello,

    I try to configure a functional user with minimum permissions, that configures the "HARestartPriority"-Setting based on some custom Tag on a regular basis (e.g. "Gold" VM's  get "HARestartPriority"=High).

    I want to only give minimal privileges to this role, however I could not find out the vCenter permissions needed to allow "HARestartPriority".

    That's what I do:

      PowerCLI> Get-VM -Location $clusterObj -Name "myServer" -Tag $tag_noneha |  Set-VM -WhatIf:$False -Confirm:$False -HARestartPriority Disabled

    I get:

       Set-VM        fault.NoPermission.summary

    Even if all VM Permissions are given to the role of the user in question. I also did not find any "HARestartPriority" permission.

    Any hints on the permissions required ?

    Thanks,

    Robert



  • 2.  RE: vCenter Permissions Required for Set-VM -HARestartPriority ?

    Posted Feb 18, 2014 02:54 PM

    Afaik, you will need the Host.Inventory.EditCluster privilege.

    And most probably the default ones as well: System.Anonymous, System.View, and System.Read.



  • 3.  RE: vCenter Permissions Required for Set-VM -HARestartPriority ?

    Posted Feb 18, 2014 02:58 PM

    So this means it can not be set on a "per VM" or "per Folder" level, only on the "per Cluster" level or globally ?



  • 4.  RE: vCenter Permissions Required for Set-VM -HARestartPriority ?

    Posted Feb 18, 2014 03:02 PM

    Not 100% sure about that, but since it involves reconfiguring the cluster, that would at least be a privilege that is required.



  • 5.  RE: vCenter Permissions Required for Set-VM -HARestartPriority ?

    Posted Feb 18, 2014 06:35 PM

    I tested it and it works. Giving Host -> Inventory -> "Modify Cluster" permission to the role and assigning the Role on the user at the Cluster Level (with inherit) is sufficient.