Re: vSphere 6 Web Client Empty Inventory

uchacker11 · ‎09-25-2015

Hello

I am experiencing an odd behavior with permissions in the Web Client. We have several custom Roles and Permissions applied to give service owners access to their VMs in vSphere. Every morning when users login to vSphere to manage their VMs, they receive "Empty Inventory" messages. The users permissions have not changed and they are able to search for their VMs with no issues. They simply cannot see a list of them in "Hosts and Clusters" or "VMs and Templates."

Logging in via the Windows Client works just fine. I can fix the issue temporarily by editing the users permissions on an object and simply clicking OK (not changing the role or propagation settings).

Has anyone seen this before? It just started happening when we upgraded to 6.0 from 5.5u1.

greco827 · ‎09-25-2015

At what level are their permissions set? Can they see VM's from the VM's & Templates view, but not the Hosts & Clusters view, or in neither?

If you find this or any other answer useful please mark the answer as correct or helpful https://communities.vmware.com/people/greco827/blog

uchacker11 · ‎09-25-2015

Permissions are typically applied at the folder level. There are some special cases where perms are applied to other objects but there aren't many of those.

Users cannot see anything in either VMs and Templates or Hosts and Clusters. They can only see VMs if they search for them or if I kick the permissions.

Also, If a user has access to multiple different entities, I only need to kick the permissions on one entity to fix all of their permissions.

greco827 · ‎09-25-2015

Try setting their permissions to read-only at the cluster level and leaving their folder based roles in place. This should allow them to see what you want them to.

If you find this or any other answer useful please mark the answer as correct or helpful https://communities.vmware.com/people/greco827/blog

estereterete · ‎10-06-2015

Same here.

So far, I retried creating new roles fcloned from power user v6 sample.

This is my Role:

</Role>

Right now, all what non administrators users see in web client is

Empty inventory

They see their machines in vmware viclient, and they also see them in the

Vcenter Inventory Lists > Virtual Machines

estereterete · ‎10-06-2015

Actually, if they dont have permission (not even ro) at cluster level, there might be a good reason for that.

This does not solve the problem

tcsm_bi · ‎10-14-2015

Hi,

Did you ever get a resolution for this?

We are having the same issue.

Thanks.

rnelson0 · ‎10-15-2015

Any update on Schrodinger's Permissions? Having the same issue and the same workaround of edit->no change->OK fixes it, temporarily.

rnelson0 · ‎10-15-2015

I did find a potential resolution at http://www.virtually-limitless.com/troubleshooting/vcenter-server-displays-blank-or-no-inventory-aft... but since it's after 5, I'm not risking it tonight. Has anyone tried that?

spenceratarbor · ‎10-20-2015

We're running into this as well. using the appliances and external PSC's. It's driving my users crazy because I have to go in and fix it every time it dies. Would love to know a resolution if one is found.

Our installation was from scratch, no upgrades.

schlagy · ‎10-22-2015

The same problem here after upgrading from 5.5 to 6.0 u1!

rnelson0 · ‎11-02-2015

The solution at Cloud permissions for VMware vSphere (Roles, Privileges and Permissions) | JohnBorhek.com worked for me. Essentially, intermediate objects now need to be readable for users to have their rights at the lower level. Let's say your structure in the Hosts And Clusters view is:

DataCenterA:
- Cluster1:
  - HostA
  - HostB

In 5.5 you would have assigned rights to Cluster1 and everything was okay. In 6.0 you still assign rights to Cluster1, but also assign read-only (or higher) permissions that do not propogate on DataCenterA, and any other intermediate items.. All four views - H&C, VMs & Templates, Storage, and Networking - have the same issue, so add the read-only rights on all intermediate items in each view.

Thanks to unsichtbare for the tip on this!

spenceratarbor · ‎11-02-2015

Sadly I just had this happen again to me. My user group is a member of "Administrators" in Global Permissions, and I logged in and saw an entire vCenter missing (the one I was logging into no less!). I could get to resources on the other vCenter server in ELM, but the local one was gone.

Something is far more broken if a global admin has entire vCenter's drop out.

Like always, using the Windows client works fine. I had to reboot vCenter to get my access back.

rnelson0 · ‎11-02-2015

I was told by support that there is a completely different problem that has similar symptoms wherein the inventory service itself is affected. I wasn't given a KB for that but maybe log analysis will show if that service had an issue? In this case, the permissions error looked like:

2015-10-20T18:37:57.859Z [tomcat-exec-80 WARN com.vmware.cis.authorization.impl.AclPrivilegeValidator opId=<GUID>] User DOMAIN\username does not have privileges [System.View] on object urn%3Aacl%3Aglobal%3Apermissions

That was from the catalina (tomcat) log IIRC

spenceratarbor · ‎11-02-2015

Yes, I have seen that error in the web UI when trying to look at one of the tabs (i forget which) when the inventory is missing.