I want to create a custom role.
Open VMware Web Client, navigate to mange > Security & Users > Roles.
Then click Add role.
I want the role only can change the VM configure(For Example, Change the VM Memory.)
So, I only select VirtualMachine > Config
Then Click Add.
But, it's failed
What should I do?
I recommend applying the patches on the esxi.
Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly.
Creation of the custom role is failing with an error related to Privilege Manager component -
2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=PropertyProvider opID=a35b512f user=root] RecordOp ASSIGN: info, haTask--vim.AuthorizationManager.addRole-156497097. Applied change to temp map.
2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Activation [N5Vmomi10ActivationE:0x0c64c9d8] : Invoke done [addRole] on [vim.AuthorizationManager:ha-authmgr]
2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg name:
--> "Operation"
2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg privIds:
--> (string) [
--> "VirtualMachine.Config"
--> ]
2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Throw vmodl.fault.InvalidArgument
2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Result:
--> (vmodl.fault.InvalidArgument) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> invalidProperty = "privIds"
--> msg = ""
--> ]
Not sure what exactly it is failing for. As a workaround, create the custom role using the command line. Below are the steps -
Step-1 --> Create a VM-Config privileges file under /tmp --> Run the command <vi /tmp/VMConfigPR.txt>
Step-2 --> Open the VM-Config privileges file in a vi editor, paste the below content, save and exit out of the vi editor -
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.AddRemoveDevice
VirtualMachine.Config.AdvancedConfig
VirtualMachine.Config.Annotation
VirtualMachine.Config.CPUCount
VirtualMachine.Config.ChangeTracking
VirtualMachine.Config.DiskExtend
VirtualMachine.Config.DiskLease
VirtualMachine.Config.EditDevice
VirtualMachine.Config.HostUSBDevice
VirtualMachine.Config.ManagedBy
VirtualMachine.Config.Memory
VirtualMachine.Config.MksControl
VirtualMachine.Config.QueryFTCompatibility
VirtualMachine.Config.QueryUnownedFiles
VirtualMachine.Config.RawDevice
VirtualMachine.Config.ReloadFromPath
VirtualMachine.Config.RemoveDisk
VirtualMachine.Config.Rename
VirtualMachine.Config.ResetGuestInfo
VirtualMachine.Config.Resource
VirtualMachine.Config.Settings
VirtualMachine.Config.SwapPlacement
VirtualMachine.Config.ToggleForkParent
VirtualMachine.Config.UpgradeVirtualHardware
**If you are not comfortable with the vi editor, download the file attached to this reply. I have created the file for you. You can just upload it to /tmp location on the ESXi host**
Step-3 --> Create the role --> Run the command <vim-cmd vimsvc/auth/role_add VM-Config $(cat /tmp/VMConfigPR.txt | awk '$1=$1' ORS=' ')> --> VM-Config is the name of the role. Change it as required.
Step-4 --> In the host client. go to Manage --> Security and Users --> Roles --> Refresh - New role should be listed.
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
as900w Can you confirm if the command line steps provided in my previous reply helped you?
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
I am sorry.
I don't try.
Because I has been upgrade ESXi Server to 6.7.
It's oK.
Cool, request you to close the thread accordingly
Cheers,
Supreet
OK. Thanks for your help!