I know this should be easy but when I set these permissions the user can't see the DISTRIBUTED SWITCH options in edit settings for VM's.
This article provides steps to enable the vCenter Server permissions required to modify virtual machine network settings.
Suggestions?
Hi what is your requirement?
For a user to change network settings of a VM or for user to change Distributed Switch configuration?
I've tried the same settings and the user is able to change the network settings of a VM selecting a Distributed Switch PortGroup
Make sure to assign the user permission at the Datacenter level
I am having this same issue and would love to find a resolution. I have assigned the necessary permissions at the VM and VDS level using a folder, I do not want to assign at the datacenter level because it would give the users permissions on too many VM's, not just the ones we are interested in effecting.
Assigning at the datacenter level should not be a requirement. Vsphere explicitly states that VDS permissions can be assigned at the datacenter level or a folder containing the VDS. We need to do the latter to limit permissions to a subset of our VMs.
The KB says:
9. Add permission for this user at the datacenter level and assign the role to this user.
I haven't tried assigning permission on the folder level, but as a workaround you can still assign on datacenter level then assign 'No Access' on other folder for that user/user group or other VMs so the user/user group would only see the VMs without 'No Access'
BIt of an old post but I've just come across this situation and had a bit of a play around with it.
Assuming the user has permissions to modify the VM...
1. If the user also has access to just the portGroup or a Network Folder ('assign network' permissions), they will be able to add a new network adapter and select the desired portGroup.
2. If the user also has access to just the portGroup or a Network Folder ('assign network' permissions), they will not be able to modify an existing network adapter and assign it to a different port group. For this to work, the user needs read-only access to the host (or cluster) where the VM is located.
I guess the process of modifying a network adapter must query the host to see which portGroups it can access, while adding a new network adapter does not. The KB suggests giving access at the Datacenter level, which would in turn give access to the Cluster/Host.
Hope this is of some use.