blomoff
Enthusiast
Enthusiast

Permissisons

Having a few issues with permissions in vCenter and wondering if someone can help?

I have created a new folder for a group of people and assigned permissions to it. They can see this folder, but none of the other ones (which is what i need)

However, vmotion does not work as they only have access to the VMs within this folder. So how can i give access to vmotion to the users of the VMs within this folder, but none of the others and not allow them to see all of the other VMs within the infrastructure?

0 Kudos
6 Replies
blomoff
Enthusiast
Enthusiast

I now have the folder permissions working correctly. And also vmotion permissions working correctly, the issue i now have is that in hosts and clusters view, ALL of the VMs are visible, but the permissions are only assigned on the single folder, that does not contain these VMs. If i assign a 'no access' role to specific VMs, then it hides it from view, but thats a very long and convoluted way to do it to every VM.

They cant see the folder or VMs in VMs and templates view, but can in hosts and clusters?

Andy ideas?

0 Kudos
blomoff
Enthusiast
Enthusiast

Anyone?

0 Kudos
parmarr
VMware Employee
VMware Employee

Hello,

Please see if the details listed on the documents below help in any way:

Managing Permissions for vCenter Components

vSphere Permissions and User Management Tasks

Sincerely, Rahul Parmar VMware Support Moderator
0 Kudos
flynmooney
Enthusiast
Enthusiast

When you applied the new permissions at the host or cluster level did you uncheck the "propagate to children" checkbox?  Another way might be to do an explicit deny on the folder(s) where you don't want them to have access.

0 Kudos
vAndrew
Enthusiast
Enthusiast

Yes tried unticking that. It takes the ability to see the hosts away, therefore they cant use vMotion. Unless i am missing another permission somewhere.

Tried the deny too, but didnt seem to work at all

-- Andrew (VMware VCP-DCV, MCSA)
0 Kudos
flynmooney
Enthusiast
Enthusiast

I have permissions at a few different levels.  I did find that some permissions need to be higher up in the tree than one would expect.  Looking back try adding the vmotion permission (VM -> Inventory -> Move) to the Virtual Datacenter object and see if this helps you out.

0 Kudos