Is it possible to give a user(s) permission to snap shot ONLY windows server vm's without moving all windows vm's to a folder.
I know that if I use LucD's script below from another post i can propagate permissions but i do not want to move vm's out of their current folders which are separated out by department.
$VMs = Get-Folder -Name "Windows Patch Management" | Get-VM
Foreach ($VM in $VMs){
If ($VM.Extensiondata.guest.guestfamily -match "windows") {
Move-VM -VM $VM -Destination (Get-Folder Windows)
}
}
Just make a custom role then
Create a vCenter Server Custom Role (vmware.com)
I do a mix, we have folders for everything, but different groups have different roles. So if you want a whole group to have snapshot only then just apply that to the datacenter object and then they can snapshot anything under that object. The other way is to do it per vm, which you may be able to via powercli or just do it manually.
Right, but how do i apply a custom role to only windows vm's without moving them to a folder.
Are you saying there is a custom role attribute for only windows OS vm snapshot permission? If so where can i find it?
The ultimate goal is to leave the current folder structure and permissions for all department champions alone but at the same time give the newly created windows patching team access to console and snapshot ONLY vm's that are windows guest specific. Once i have that figured out i can do the same for the other patching teams.
@sjesse is this question in the right channel?
I didn't see an issue with it