Permissions on datastores - create snapshot but no...

EdWilts · ‎02-18-2013

Is there a way to create a role such that adminstrators can create snapshots on existing datastores but not provision new VMs on that datastores?

We'bring up new storage and want to ensure that all new VMs get created over there, but not lock out the admins from doing work on the old datastores. Is this possible?

It was my understanding that the permission "Datastore/Allocate space" is required to create a snapshot.

We're running vCenter 5.1 with 5.0 on the hosts.

Thanks!

.../Ed (VCP4, VCP5)

sflanders · ‎02-18-2013

Yes, this is techincally possible, but sounds like more of a process issue than anything Your only real option is to create a new role and assign it the permissions you desire on the storage objects you are referring to. Then assign your users/groups to this role. This works because the most specific permissions always win. See chapter 4: http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-securit.... To be honest, I feel this is more work than it is worth. I would advise working on the process by which users provision systems.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

All

Permissions on datastores - create snapshot but not new VM