VMware Cloud Community
thebart
Enthusiast
Enthusiast
‎02-09-2022 07:20 AM

Permissions to "Windows OS" VMs without moving them to a folder

Is it possible to give a user(s) permission to snap shot ONLY windows server vm's without moving all windows vm's to a folder.

I know that if I use LucD's script below from another post i can propagate permissions but i do not want to move vm's out of their current folders which are separated out by department.

$VMs = Get-Folder -Name "Windows Patch Management" | Get-VM
Foreach ($VM in $VMs){
If ($VM.Extensiondata.guest.guestfamily -match "windows") {
Move-VM -VM $VM -Destination (Get-Folder Windows)
}
}

Labels (2)
Labels
0 Kudos
6 Replies
sjesse
Leadership
Leadership
‎02-09-2022 07:25 AM

Just make a custom role then

Create a vCenter Server Custom Role (vmware.com)

I do a mix, we have folders for everything, but different groups have different roles. So if you want a whole group to have snapshot only then just apply that to the datacenter object and then they can snapshot anything under that object. The other way is to do it per vm, which you may be able to via powercli  or just do it manually.

0 Kudos
thebart
Enthusiast
Enthusiast
‎02-09-2022 07:43 AM

Right, but how do i apply a custom role to only windows vm's without moving them to a folder. 

Are you saying there is a custom role attribute for only windows OS vm snapshot permission? If so where can i find it?

0 Kudos
thebart
Enthusiast
Enthusiast
‎02-09-2022 07:59 AM

The ultimate goal is to leave the current folder structure and permissions for all department champions alone but at the same time give the newly created windows patching team access to console and snapshot ONLY vm's that are windows guest specific. Once i have that figured out i can do the same for the other patching teams.

0 Kudos
pwolf
Enthusiast
Enthusiast
‎02-09-2022 10:30 AM

I think that is not possible in an easy way. You would have to set the permissions on a per VM basis, or you create a subfolder for Windows VMs in each of your folders containing Windows VMs and move the Windows VMs into those folders and set the permissions on those folders. Something like a group of VMs like a group of computers in AD is not available in Vshpere as far as I know.
thebart
Enthusiast
Enthusiast
‎02-17-2022 07:49 AM

@sjesse is this question in the right channel? 

0 Kudos
sjesse
Leadership
Leadership
‎02-24-2022 09:09 AM

I didn't see an issue with it

0 Kudos