Hello,
I try to configure a functional user with minimum permissions, that configures the "HARestartPriority"-Setting based on some custom Tag on a regular basis (e.g. "Gold" VM's get "HARestartPriority"=High).
I want to only give minimal privileges to this role, however I could not find out the vCenter permissions needed to allow "HARestartPriority".
That's what I do:
PowerCLI> Get-VM -Location $clusterObj -Name "myServer" -Tag $tag_noneha | Set-VM -WhatIf:$False -Confirm:$False -HARestartPriority Disabled
I get:
Set-VM fault.NoPermission.summary
Even if all VM Permissions are given to the role of the user in question. I also did not find any "HARestartPriority" permission.
Any hints on the permissions required ?
Thanks,
Robert
Afaik, you will need the Host.Inventory.EditCluster privilege.
And most probably the default ones as well: System.Anonymous, System.View, and System.Read.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
So this means it can not be set on a "per VM" or "per Folder" level, only on the "per Cluster" level or globally ?
Not 100% sure about that, but since it involves reconfiguring the cluster, that would at least be a privilege that is required.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I tested it and it works. Giving Host -> Inventory -> "Modify Cluster" permission to the role and assigning the Role on the user at the Cluster Level (with inherit) is sufficient.