Having a few issues with permissions in vCenter and wondering if someone can help?
I have created a new folder for a group of people and assigned permissions to it. They can see this folder, but none of the other ones (which is what i need)
However, vmotion does not work as they only have access to the VMs within this folder. So how can i give access to vmotion to the users of the VMs within this folder, but none of the others and not allow them to see all of the other VMs within the infrastructure?
I now have the folder permissions working correctly. And also vmotion permissions working correctly, the issue i now have is that in hosts and clusters view, ALL of the VMs are visible, but the permissions are only assigned on the single folder, that does not contain these VMs. If i assign a 'no access' role to specific VMs, then it hides it from view, but thats a very long and convoluted way to do it to every VM.
They cant see the folder or VMs in VMs and templates view, but can in hosts and clusters?
When you applied the new permissions at the host or cluster level did you uncheck the "propagate to children" checkbox? Another way might be to do an explicit deny on the folder(s) where you don't want them to have access.
Yes tried unticking that. It takes the ability to see the hosts away, therefore they cant use vMotion. Unless i am missing another permission somewhere.
Tried the deny too, but didnt seem to work at all
I have permissions at a few different levels. I did find that some permissions need to be higher up in the tree than one would expect. Looking back try adding the vmotion permission (VM -> Inventory -> Move) to the Virtual Datacenter object and see if this helps you out.