VMware Cloud Community
duffman146
Contributor
Contributor

AD Permissions issue in vCenter

Running vSphere 5.5U2 with SSO and Windows AD authentication

Here is my issue:

Some customers only needs access to a particular cluster or vApp.  Ideally, instead of adding their actual AD account, I just put them in a security group that has whatever level of access they need.  So I put user "A" into security group "B" and give security group "B" permissions in vCenter.  I give them "Read-only" access to the vcenter server and datacenter and do not check "propagate to child....."  Then I give security group "B" the appropriate rights to the cluster they need and keep propagate checked.  This fails.  They cannot log in

However, if I skip putting them into a security group and just use their individual AD account, it works no problem.  Is there something I am missing here because its been an issue for a LONG time.  Ive tried "googling" and can never find a solution.

Thanks in advance!!

Reply
0 Kudos
2 Replies
brunofernandez1

have you some printscreens of your actual permissions configuration?

normally you can also work with active directory security groups...

------------------------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) Regards from Switzerland, B. Fernandez http://vpxa.info/
Reply
0 Kudos
duffman146
Contributor
Contributor

I'd rather not do screenshots as this is a production environment;)  Just wondering if anyone else has had this issue and if they fixed it.

Reply
0 Kudos