as900w
Hot Shot
Hot Shot

Add Role is failed

Jump to solution

I want to create a custom role.

Open VMware Web Client, navigate to mange > Security & Users > Roles.

Then click Add role.

I want the role only can change the VM configure(For Example, Change the VM Memory.)

So, I only select VirtualMachine > Config

Then Click Add.

But, it's failed

1.PNG

What should I do?

25 Replies
diegodco31
Leadership
Leadership

I recommend applying the patches on the esxi.

Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly.

Diego Oliveira LinkedIn: http://www.linkedin.com/in/dcodiego
0 Kudos
SupreetK
Commander
Commander

Creation of the custom role is failing with an error related to Privilege Manager component -

2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=PropertyProvider opID=a35b512f user=root] RecordOp ASSIGN: info, haTask--vim.AuthorizationManager.addRole-156497097. Applied change to temp map.

2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Activation [N5Vmomi10ActivationE:0x0c64c9d8] : Invoke done [addRole] on [vim.AuthorizationManager:ha-authmgr]

2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg name:

--> "Operation"

2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg privIds:

--> (string) [

-->    "VirtualMachine.Config"

--> ]

2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Throw vmodl.fault.InvalidArgument

2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Result:

--> (vmodl.fault.InvalidArgument) {

-->    faultCause = (vmodl.MethodFault) null,

-->    faultMessage = <unset>,

-->    invalidProperty = "privIds"

-->    msg = ""

--> ]

Not sure what exactly it is failing for. As a workaround, create the custom role using the command line. Below are the steps -

Step-1 --> Create a VM-Config privileges file under /tmp --> Run the command <vi /tmp/VMConfigPR.txt>

Step-2 --> Open the VM-Config privileges file in a vi editor, paste the below content, save and exit out of the vi editor -

VirtualMachine.Config.AddExistingDisk

VirtualMachine.Config.AddNewDisk

VirtualMachine.Config.AddRemoveDevice

VirtualMachine.Config.AdvancedConfig

VirtualMachine.Config.Annotation

VirtualMachine.Config.CPUCount

VirtualMachine.Config.ChangeTracking

VirtualMachine.Config.DiskExtend

VirtualMachine.Config.DiskLease

VirtualMachine.Config.EditDevice

VirtualMachine.Config.HostUSBDevice

VirtualMachine.Config.ManagedBy

VirtualMachine.Config.Memory

VirtualMachine.Config.MksControl

VirtualMachine.Config.QueryFTCompatibility

VirtualMachine.Config.QueryUnownedFiles

VirtualMachine.Config.RawDevice

VirtualMachine.Config.ReloadFromPath

VirtualMachine.Config.RemoveDisk

VirtualMachine.Config.Rename

VirtualMachine.Config.ResetGuestInfo

VirtualMachine.Config.Resource

VirtualMachine.Config.Settings

VirtualMachine.Config.SwapPlacement

VirtualMachine.Config.ToggleForkParent

VirtualMachine.Config.UpgradeVirtualHardware

**If you are not comfortable with the vi editor, download the file attached to this reply. I have created the file for you. You can just upload it to /tmp location on the ESXi host**

Step-3 --> Create the role --> Run the command <vim-cmd vimsvc/auth/role_add VM-Config $(cat /tmp/VMConfigPR.txt | awk '$1=$1' ORS=' ')> --> VM-Config is the name of the role. Change it as required.

Step-4 --> In the host client. go to Manage --> Security and Users --> Roles --> Refresh - New role should be listed.

Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.

Cheers,

Supreet

SupreetK
Commander
Commander

as900w​ Can you confirm if the command line steps provided in my previous reply helped you?

Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.

Cheers,

Supreet

0 Kudos
as900w
Hot Shot
Hot Shot

I am sorry.

I don't try.

Because I has been upgrade ESXi Server to 6.7.

It's oK.

View solution in original post

0 Kudos
SupreetK
Commander
Commander

Cool, request you to close the thread accordingly Smiley Happy

Cheers,

Supreet

0 Kudos
as900w
Hot Shot
Hot Shot

OK. Thanks for your help!

0 Kudos