My domain account has administrator role on vCenter, therefore I have full privilege on my vCenter environment.
But today I see that my account doesn't have full right on some single virtual machines.
I cannot move them among folders in VMs and Templates, cannot remove them out of Inventory to re-add them again, cannot migrate them..
Meanwhile, I have full privilege on all other virtual machines in the same folder and in vCenter environment as well.
This is strange, does anyone of you know why?
Thanks.
permission assigned at higher object levels can be overridden at lover object level for particular user account.
in vSphere Client, select your VM and navigate to Permissions Tab, see what's listed as associated role for your user account.
I am sure you will find that your user doesn't have effective administrator role on this VM.
Please also consider group membership for your user account. and roles associated with those groups on this VM.
Here is screenshot on permissions tab of the virtual machine which my account doens't have full right:
My user account is the entry in the bottom, it has administrator role on the whole vCenter, except some VMs like this one.
so, your user account is <yourdomain>\cqa
please double check if this account is already member of one of those group accounts which are also part of this permission tab. If you find this same user in any of those group, then check role associated with that group.
Make sure the access for the account is at the vCenter level and set to propagate. Also, if it is just one VM, make sure it doesn't have an active task. I've had this happen most commonly with a VMware Tools installation that hung, and while there was nothing in the tasks panel, the summary tab of the VM showed: Active Task: Installing VMware Tools.
Hi,
yes, I've checked all that you suggested.
also checked all the roles. They looks ok. Administrator role is read-only and propagated, inherited to sub objects.
This issue is tricky
and I guess you have also checked those bits addressed by greco827, like your VM doesn't have any active tasks stuck half way through.
Yes, of course.
No active tasks on it.
I'm confused by this statement .... " Administrator role is read-only and propagated, inherited to sub objects." Why is Administrator read-only?
I mean that built-in role is non-editable.
Login using administrator@vsphere.local account, this will be full administrator on your vCenter inventory if there were no modifications done.
and you can correct role assignments.