VMware Cloud Community
DroboDeveloper
Contributor

Create account with add/remove disk permissions on specific VM

I'm having the darnedest time trying to complete what I thought would be a very easy thing to do.

I have an Ansible playbook that removes/deletes a hard drive and then adds a new one to a VM. After that, it powers on the VM. I want to create a vCenter account that only allows those three actions on a specific VM. No matter what I do, I keep getting the following message when I try to remove a hard disk from the VM:

Permission to perform this operation was denied.
NoPermission.message.format


I've even gone as far as giving the user Administrator permissions on the VM and selecting the "Propagate to Children" option.

What do I need to do to give this account the following authority?

  • Remove (and delete) a hard drive
  • Add a new hard drive
  • Power On the VM

These permissions need to be given to a specific VM, only. I don't want Ansible to have access outside of this one VM.

DavoudTeimouri
Virtuoso

You need to create a custom role for this. Some permissions should be assigned to the role for access to the datastore:

Datastore Privileges (vmware.com)

I think that "Datastore.Allocate space" is enough.

And also some permissions for the virtual machine:

Virtual Machine Configuration Privileges (vmware.com)

-------------------------------------------------------------------------------------
Davoud Teimouri - https://www.teimouri.net - Twitter: @davoud_teimouri Facebook: https://www.facebook.com/teimouri.net/
maksym007
Expert

I am just confirming what is written above. Permissions for the datastore should be granted additionally. I forgot that option last week and struggled for an additional hour.

In case there are additional VMs in the future, it is better to place them in a dedicated VM folder and grant permission at the folder level.
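One way to build the custom roles the replies describe, as an added PowerCLI example that is not code from any poster in this thread. The privilege IDs chosen for the three actions, and every name used (server, VM, datastore, account, role names), are assumptions to check against the linked privilege references.

```powershell
# Added example. Requires the VMware PowerCLI module and an administrative session.
# Placeholder values (constructed, not taken from the thread):
$vcServer  = 'vcenter.example.test'
$vmName    = 'ansible-target-vm'
$dsName    = 'datastore-of-target-vm'
$principal = 'EXAMPLE\svc-ansible'

Connect-VIServer -Server $vcServer | Out-Null

# Assumed privilege IDs for the three requested actions.
$vmPrivIds = @(
    'VirtualMachine.Config.AddNewDisk',       # add a new hard disk
    'VirtualMachine.Config.RemoveDisk',       # remove (and delete) a hard disk
    'VirtualMachine.Config.AddRemoveDevice',  # device changes on the VM
    'VirtualMachine.Interact.PowerOn'         # power on the VM
)
# "Datastore.Allocate space", as suggested in the first reply.
$dsPrivIds = @('Datastore.AllocateSpace')

function New-ScopedRole {
    param([string]$Name, [string[]]$PrivilegeId)
    $privs = Get-VIPrivilege -Id $PrivilegeId -ErrorAction Stop
    # Fail closed: refuse to create a partial role if any ID did not resolve.
    $missing = $PrivilegeId | Where-Object { $_ -notin $privs.Id }
    if ($missing) { throw "Unknown privilege IDs: $($missing -join ', ')" }
    New-VIRole -Name $Name -Privilege $privs
}

# Two narrow roles, so the datastore grant carries no VM privileges.
$vmRole = New-ScopedRole -Name 'AnsibleDiskSwap-VM' -PrivilegeId $vmPrivIds
$dsRole = New-ScopedRole -Name 'AnsibleDiskSwap-Datastore' -PrivilegeId $dsPrivIds

# VM role on the single VM only. For the folder approach from the second reply,
# pass (Get-Folder -Name '<folder>') as -Entity and use -Propagate:$true.
New-VIPermission -Entity (Get-VM -Name $vmName) -Principal $principal `
    -Role $vmRole -Propagate:$false

# Datastore role on the datastore that holds the VM's disks.
New-VIPermission -Entity (Get-Datastore -Name $dsName) -Principal $principal `
    -Role $dsRole -Propagate:$false

# Review what the account now holds and where.
Get-VIPermission -Principal $principal | Select-Object Entity, Role, Propagate
```

The final `Get-VIPermission` listing should show exactly two entries for the account, one on the VM and one on the datastore; anything else is access beyond what the playbook needs.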