VMware Cloud Community
petermie
Enthusiast
Enthusiast
‎03-15-2017 03:19 PM
Jump to solution

User with Administrator role can't upload files to datastores

Using vSphere 6.5, ESXi 6.5 connected to VMFS 5, VMFS 6, and NFS datastores. I have a user that i've given the Administrator role to directly to some datastores, and for some reason I can't upload anything to any of those datastores (ISOs, etc). Trying in the Fling says "r.fileTransferEndpoints is null" in the UI, and not showing any error or attempt in the log. Trying the same in the built in Flash client doesn't give an error at all but doesn't succeed, and using the built in HTML5 client I get an Unauthorized error. Here is the log entry for that from my VCSA when trying the built in HTML5 client: 70081905 103150 200334 com.vmware.vise.vim.http.transport.FileUploadRequestHandler HTTP connection to url: https://vcsa:443/folder/New%20Text%20Document.txt?dcPath=Datacenter&dsName=Test-Datastore failed with status code: 401 and response message: Unauthorized 

I do have full connectivity between the browser machine and VC, PSC, Appliance, and Hosts. Here is the interesting part: While this user has the Administrator role on this datastore directly and is having issues - my main admin user who is part of the vsphere.local\Administrators group, which has the Administrator role by default on all datastores, has no issues from the same browser machine. Also, the user is able to delete files, create folders, etc just no upload. If I take the user off and instead put their (or even the domain Users) group directly on the datastore, I can't see the datastore at all in the datastores view of the client. Alternatively, if I take the user out of their group and put them in the same group as my main user and log out and back in the web client the view doesn't change (I should be seeing every object in my inventory at this point) and I still can't upload files to any of the datastores they do have access.

Any ideas what could be the issue, or where I should look to dig further? I would think having Administrator role on the datastore would work fine, but obviously there's something else going on somewhere. Perhaps some kind of permissions caching?

Reply
1 Solution

Accepted Solutions
petermie
Enthusiast
Enthusiast
‎03-16-2017 10:58 AM
Jump to solution

Figured it out with some help Mincho Tonev in the HTML5 fling forum. Needed Host > Configuration > System Management privilege on the hosts which are accessing the datastore, also needed that plus Datastore > Allocate, Browse, Low Level File Operations, and Remove File at the Datacenter level too.

View solution in original post

Reply
3 Replies
petermie
Enthusiast
Enthusiast
‎03-16-2017 10:58 AM
Jump to solution

Figured it out with some help Mincho Tonev in the HTML5 fling forum. Needed Host > Configuration > System Management privilege on the hosts which are accessing the datastore, also needed that plus Datastore > Allocate, Browse, Low Level File Operations, and Remove File at the Datacenter level too.

Reply
MaxHolder
Contributor
Contributor
‎09-22-2017 12:36 PM
Jump to solution

Works great for HTML5 but for google chrome I am having the same problem.

Do we need more permission for the web browser?

Thanks

Max

Reply
0 Kudos
jkhilmer
Contributor
Contributor
‎01-05-2018 10:52 AM
Jump to solution

Thank you, this was helpful.

So far, it looks like it's sufficient to apply the Datastore portion of the permissions without propagation.

Reply
0 Kudos