Creation of the custom role is failing with an error related to the Privilege Manager component:
2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=PropertyProvider opID=a35b512f user=root] RecordOp ASSIGN: info, haTask--vim.AuthorizationManager.addRole-156497097. Applied change to temp map.
2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Activation [N5Vmomi10ActivationE:0x0c64c9d8] : Invoke done [addRole] on [vim.AuthorizationManager:ha-authmgr]
2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg name:
--> "Operation"
2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg privIds:
--> (string) [
--> "VirtualMachine.Config"
--> ]
2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Throw vmodl.fault.InvalidArgument
2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Result:
--> (vmodl.fault.InvalidArgument) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> invalidProperty = "privIds"
--> msg = ""
--> ]
Not sure what exactly it is failing for. As a workaround, create the custom role using the command line. Below are the steps -
Step-1 --> Create a VM-Config privileges file under /tmp --> Run the command <vi /tmp/VMConfigPR.txt>
Step-2 --> Open the VM-Config privileges file in a vi editor, paste the below content, save and exit out of the vi editor -
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.AddRemoveDevice
VirtualMachine.Config.AdvancedConfig
VirtualMachine.Config.Annotation
VirtualMachine.Config.CPUCount
VirtualMachine.Config.ChangeTracking
VirtualMachine.Config.DiskExtend
VirtualMachine.Config.DiskLease
VirtualMachine.Config.EditDevice
VirtualMachine.Config.HostUSBDevice
VirtualMachine.Config.ManagedBy
VirtualMachine.Config.Memory
VirtualMachine.Config.MksControl
VirtualMachine.Config.QueryFTCompatibility
VirtualMachine.Config.QueryUnownedFiles
VirtualMachine.Config.RawDevice
VirtualMachine.Config.ReloadFromPath
VirtualMachine.Config.RemoveDisk
VirtualMachine.Config.Rename
VirtualMachine.Config.ResetGuestInfo
VirtualMachine.Config.Resource
VirtualMachine.Config.Settings
VirtualMachine.Config.SwapPlacement
VirtualMachine.Config.ToggleForkParent
VirtualMachine.Config.UpgradeVirtualHardware
**If you are not comfortable with the vi editor, download the file attached to this reply. I have created the file for you. You can just upload it to /tmp location on the ESXi host**
Step-3 --> Create the role --> Run the command <vim-cmd vimsvc/auth/role_add VM-Config $(cat /tmp/VMConfigPR.txt | awk '$1=$1' ORS=' ')> --> VM-Config is the name of the role. Change it as required.
Step-4 --> In the host client, go to Manage --> Security and Users --> Roles --> Refresh - New role should be listed.
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
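
An added example, not part of the original reply: a pre-flight check for the privilege file from Step-2 that only lets leaf IDs under `VirtualMachine.Config.` through to the Step-3 command, so an uploaded or hand-edited file cannot widen the role. It rejects the bare group name `VirtualMachine.Config`, the value shown as `privIds` in the log. The function names, `PRIV_PREFIX` and the allowed-character pattern are assumptions of this example; only the `vim-cmd vimsvc/auth/role_add` syntax comes from the reply.

```shell
#!/bin/sh
# Added example: vet the privilege file before passing it to role_add.
# PRIV_PREFIX, the function names and the character pattern are assumptions.
PRIV_PREFIX="VirtualMachine.Config."

# Print one cleaned privilege ID per line; non-zero status if any line is out of scope.
clean_privs() {
    # Drop CRs (file may have been uploaded from Windows), trim, skip blanks, de-duplicate.
    tr -d '\r' < "$1" | awk -v p="$PRIV_PREFIX" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        index($0, p) != 1 || length($0) == length(p) || $0 !~ /^[A-Za-z0-9_.]+$/ {
            print "rejected line " NR ": " $0 | "cat 1>&2"; bad = 1; next
        }
        !seen[$0]++ { print }
        END { exit bad + 0 }'
}

# Join the vetted IDs into the space-separated form role_add expects.
role_args() {
    privs=$(clean_privs "$1") || return 1
    [ -n "$privs" ] || { echo "no privileges found in $1" >&2; return 1; }
    printf '%s\n' "$privs" | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 } END { print "" }'
}

# Create the role only if every line passed; $1 = role name, $2 = privilege file.
create_role() {
    args=$(role_args "$2") || return 1
    # Word splitting is intended: each vetted ID becomes one argument.
    vim-cmd vimsvc/auth/role_add "$1" $args
}

# Demo on a constructed file: show the command without touching the host.
demo=$(mktemp)
printf 'VirtualMachine.Config.AddNewDisk\r\n  VirtualMachine.Config.Memory \n\n' > "$demo"
echo "vim-cmd vimsvc/auth/role_add VM-Config $(role_args "$demo")"
rm -f "$demo"
```

On the host, `create_role VM-Config /tmp/VMConfigPR.txt` takes the place of the Step-3 command and refuses to create the role if any line falls outside the expected namespace.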