VMware Cloud Community
liorkris
Contributor
Contributor

Add Permission to the vCenter (Error)

Hello,

when I try to add user to local administrator on the vcenter I getting flowing error:

Call "AuthorizationManager.SetEntityPermissions" for object "AuthorizationManager" on vCenter Server "IServerName.FQDN" failed.

19 Replies
RAJ_RAJ
Expert
Expert

Hi ,

How you are trying to add the user from which login ?

Login with SSO admin to webclient and try to add the user  ,select local os / server option in domain

RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!
Reply
0 Kudos
liorkris
Contributor
Contributor

hi,

I tried login with Administrator@vsphere.local user.

error from webclient:

The "Add permission" operation failed for the entity with the following error message.

Provider method implementation threw unexpected exception: %s

Reply
0 Kudos
RAJ_RAJ
Expert
Expert

Hi ,

Which version of the vCenter you are trying

RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!
Reply
0 Kudos
liorkris
Contributor
Contributor

6.0.0 4541947 version

Reply
0 Kudos
twilcox728
Contributor
Contributor

Having the same issue... Any updates?

Reply
0 Kudos
RAJ_RAJ
Expert
Expert

Hi ,

Could you please login with SSO and try to add the account .

RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!
Reply
0 Kudos
RAJ_RAJ
Expert
Expert

Hi ,

Reboot the vCenter or stop and start the services and try .

RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!
Reply
0 Kudos
twilcox728
Contributor
Contributor

Tried to both. I get "Provider method implementation threw unexpected %s"

Jonsie
Contributor
Contributor

I'm getting the same error trying to delete users at the vCSA appliance level. Specifically this:

The "Remove permission" operation failed for the entity with the following error message.

Provider method implementation threw unexpected exception: %s

I suspect this is a bug since the exception doesn't show the actual error string, but instead the variable "%s".

I originally had the vCSA 6.0 appliance that I upgraded to 6.5 and I believe I added these users before I upgraded. Tried logging in as the SSO admin and it's the same error. I upgraded the vCSA to the latest version 6.5.0.5300, but that had no effect. I also tried to re-add the users (no errors) and then delete them (no errors), but then they still appear in the permissions list. If I attempt to delete again then I will get the above error.

Thrakken
Contributor
Contributor

I just did an new installation of vSphere 6.5 with a seperate PSC and VC. After configuring permissions on VC I had to remove everything and do a fresh install of the VC - customer wanted some different basic settings.

I did a new VC install and all permissions from the OLD deleted VC was present in the new one. When trying to delete them I get the same error as Jonsie.

This leads me to believe the bug is in the PSC .. NOT the VC.

Reply
0 Kudos
ShaggySS
Contributor
Contributor

I had the same issue.  I was typing in the username into the box.  instead I searched for the username clicked it and that fixed my problem. 

jerryah
Contributor
Contributor

From the V-center console go to home then Administration then add a new user first after that you can add permissions to the user at the level you need to

ITBrianKS
Contributor
Contributor

I was getting the same message, and for me it was because I was trying to delete a group from the top level (server name) but the permission was actually defined at the global permission level. Just had to remove it from the global, and boom, gone.

Seems like the error message should be more like "you can't remove an inherited permission"

liorkris
Contributor
Contributor

is the middle instaltion, ican acces to console

Reply
0 Kudos
kwg66
Hot Shot
Hot Shot

Same issues here, what a disaster... anybody get a real fix?

I found a workaround but it doesn't fix the underlying issue, it would be to stop vcenter, log into SQL studio (if you are running windows version of vCenter with SQL DB) and select the DB \ tables and delete the user from there, then restart vCenter, found this here:

http://sysadmino.blogspot.com/2015/09/unable-to-remove-permissions-in-vcenter.html

But again, this workaround isn't something you should have to do day to day.  VMware should have stayed clear of the SSO business its been nothing but headaches since day 1... and this is now day what?  5 years later??

Reply
0 Kudos
peterb242
Contributor
Contributor

thanks for the tip! going into Global Permissions allowed me to delete the desired permission

Reply
0 Kudos
moranp
Contributor
Contributor

I just ran into the same error.  My issue was when trying to add a new group.  In a rush I had not tried the Check Name button.  When I did I realized that the name was not found.  I then understood that it required the domain ahead of the group name (e.g. MyDomain\GroupName).  After doing that, it added right away.

Reply
0 Kudos
Iain_Worsfold
Enthusiast
Enthusiast

Hello all,

Ran into the same issue here running separate vCenter and PSC version 6.5.0-8307201 and using Active Directory (Integrated Windows Authentication).

I discovered my likely cause was that some of the user accounts had a space in their user ID. Even adding the users to an AD security group and assigning the permission also caused an issue with logging onto the vCenter server with that account.

After changing the username by replacing the space with an underscore, the issue went away.

Thought it to be worth sharing in case anyone else receives the same problem.

Reply
0 Kudos
jdev_ZA
Contributor
Contributor

My password for the user was either too long or had characters that caused the issues. Made the password simpler/shorter and it worked.