I'm having the darnedest time trying to complete what I thought would be a very easy thing to do.
I have an Ansible playbook that removes/deletes a hard drive and then adds a new one to a VM. After that, it then powers on the VM. I want to create a vCenter account that only allows those three actions on a specific VM. No matter what I do, I keep getting the following message when I try to remove a hard disk from the VM:
Permission to perform this operation was denied.
NoPermission.message.format
I've even gone as far as giving the user Administrator permissions on the VM and selecting the "Propagate to Children" option.
What do I need to do to give this account the following authority?
These permissions need to be given to a specific VM, only. I don't want Ansible to have access outside of this one VM.
You need to create a custom role in this regard. Some permissions should be assigned to the role for access to the datastore:
Datastore Privileges (vmware.com)
I think that "Datastore.Allocate space" is enough.
And also some permissions for the virtual machine:
Virtual Machine Configuration Privileges (vmware.com)
I am just confirming what is written above. Permissions for the datastore should be granted additionally. I forgot that option last week and struggled for an additional hour.
In case there are additional VMs in the future, it is better to place them in a dedicated VM folder and grant permission from the folder level.
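
The custom role and scoped grants described in the answers above, as an added PowerCLI example that is not part of the original thread. The server, account, VM, datastore and role names are constructed placeholders, and the three `VirtualMachine.*` privilege IDs are an assumption derived from the three actions in the question; the thread itself only names "Datastore.Allocate space".

```powershell
# Added example: least-privilege role for one VM plus the datastore that holds its disks.
# All names below are constructed placeholders, not values from the thread.
$vcenter   = 'vcenter.example.local'
$principal = 'EXAMPLE\svc-ansible'
$vmName    = 'target-vm'
$dsName    = 'target-datastore'
$roleName  = 'Ansible-DiskSwap'

# Run as an administrator; the restricted account cannot grant itself rights.
Connect-VIServer -Server $vcenter

# Datastore.AllocateSpace is the "Allocate space" privilege named in the thread.
# The VirtualMachine.* IDs are assumed from the question's three actions:
# remove a disk, add a new disk, power on.
$privIds = @(
    'Datastore.AllocateSpace',
    'VirtualMachine.Config.RemoveDisk',
    'VirtualMachine.Config.AddNewDisk',
    'VirtualMachine.Interact.PowerOn'
)
$privs = Get-VIPrivilege -Id $privIds

# Create the role once; reuse it if it already exists.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege $privs
}

$vm = Get-VM -Name $vmName
$ds = Get-Datastore -Name $dsName

# Grant on the VM object only, so no other VM is covered.
New-VIPermission -Entity $vm -Principal $principal -Role $role -Propagate:$false

# Grant on the datastore as well: this is the step both answers point to.
New-VIPermission -Entity $ds -Principal $principal -Role $role -Propagate:$false

# Review exactly where the account holds rights.
Get-VIPermission -Principal $principal |
    Select-Object Entity, Role, Propagate
```

For the folder layout suggested in the last answer, pass the folder from `Get-Folder` as `-Entity` with `-Propagate:$true` instead of the single VM.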