Creation of the custom role is failing with an error related to Privilege Manager component -

2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=PropertyProvider opID=a35b512f user=root] RecordOp ASSIGN: info, haTask--vim.AuthorizationManager.addRole-156497097. Applied change to temp map.

2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Activation [N5Vmomi10ActivationE:0x0c64c9d8] : Invoke done [addRole] on [vim.AuthorizationManager:ha-authmgr]

2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg name:

--> "Operation"

2018-07-27T17:32:17.737Z verbose hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Arg privIds:

--> (string) [

-->    "VirtualMachine.Config"

--> ]

2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Throw vmodl.fault.InvalidArgument

2018-07-27T17:32:17.737Z info hostd[D081B70] [Originator@6876 sub=Solo.Vmomi opID=a35b512f user=root] Result:

--> (vmodl.fault.InvalidArgument) {

-->    faultCause = (vmodl.MethodFault) null,

-->    faultMessage = <unset>,

-->    invalidProperty = "privIds"

-->    msg = ""

--> ]

Not sure what exactly it is failing for. As a workaround, create the custom role using the command line. Below are the steps -

Step-1 --> Create a VM-Config privileges file under /tmp --> Run the command <vi /tmp/VMConfigPR.txt>

Step-2 --> Open the VM-Config privileges file in a vi editor, paste the below content, save and exit out of the vi editor -

VirtualMachine.Config.AddExistingDisk

VirtualMachine.Config.AddNewDisk

VirtualMachine.Config.AddRemoveDevice

VirtualMachine.Config.AdvancedConfig

VirtualMachine.Config.Annotation

VirtualMachine.Config.CPUCount

VirtualMachine.Config.ChangeTracking

VirtualMachine.Config.DiskExtend

VirtualMachine.Config.DiskLease

VirtualMachine.Config.EditDevice

VirtualMachine.Config.HostUSBDevice

VirtualMachine.Config.ManagedBy

VirtualMachine.Config.Memory

VirtualMachine.Config.MksControl

VirtualMachine.Config.QueryFTCompatibility

VirtualMachine.Config.QueryUnownedFiles

VirtualMachine.Config.RawDevice

VirtualMachine.Config.ReloadFromPath

VirtualMachine.Config.RemoveDisk

VirtualMachine.Config.Rename

VirtualMachine.Config.ResetGuestInfo

VirtualMachine.Config.Resource

VirtualMachine.Config.Settings

VirtualMachine.Config.SwapPlacement

VirtualMachine.Config.ToggleForkParent

VirtualMachine.Config.UpgradeVirtualHardware

**If you are not comfortable with the vi editor, download the file attached to this reply. I have created the file for you. You can just upload it to /tmp location on the ESXi host**

Step-3 --> Create the role --> Run the command <vim-cmd vimsvc/auth/role_add VM-Config $(cat /tmp/VMConfigPR.txt | awk '$1=$1' ORS=' ')> --> VM-Config is the name of the role. Change it as required.

Step-4 --> In the host client. go to Manage --> Security and Users --> Roles --> Refresh - New role should be listed.

Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.

Cheers,

Supreet

Cool, request you to close the thread accordingly

Cheers,

Supreet

OK. Thanks for your help!