VMware Cloud Community
jeffreywmcclain
Enthusiast

Can't fully restrict VM access by folder when all VMs are on same host?

For example, if I assign a user full permissions to "folder1" in "VMs and Templates", they can see folder1 and edit the VMs within it as expected.

More importantly, they do NOT see "folder2" or "folder3" at the same level as folder1, or the VMs within those other folders, also as expected.

The previous two statements involve using the drop-down explorer on the left of VMware.

However, if they manually search for the name of one of the VMs (using the search bar on the upper right) that is NOT within the folder I gave them access to, they somehow can STILL see and edit that VM. My assumption is this is because all the VMs at the "hosts and clusters" level are in the same host, despite being in different folders with different permissions at the "VMs and Templates" level. This does not seem like intended behavior.

The obvious fix would be to just separate the VMs by host as well as folder, but this would be costly. Another potential fix would be to use resource pools, but my manager explicitly stated not to use this approach.

Tl;dr: Is there an easy way to restrict a user's access to VMs in a specific folder in "VMs and Templates", despite all the VM folders being on the same host? Note that in the drop-down explorer on the left of VMware the other folders aren't visible to the user, but the user can still access the VMs by searching in the upper right for some reason.

0 Kudos
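An added example, not part of the original thread: a small Python model of the poster's assumption, using the documented vSphere behavior that a VM inherits propagated permissions from both its VM folder and its host, cluster, or resource pool. The inventory, the principal `alice`, and the host-level grant are all constructed for illustration; the check lists VMs outside the intended folder that still receive a role, and where that role comes from.

```python
# Constructed inventory: object -> parents. A VM has two parents: one in
# "VMs and Templates" (a folder) and one in "Hosts and Clusters" (a host).
PARENTS = {
    "datacenter": [],
    "vmfolder-root": ["datacenter"],
    "hostfolder-root": ["datacenter"],
    "folder1": ["vmfolder-root"],
    "folder2": ["vmfolder-root"],
    "host1": ["hostfolder-root"],
    "vm-a": ["folder1", "host1"],
    "vm-b": ["folder2", "host1"],
}
VMS = {"vm-a", "vm-b"}

# Constructed permission entries: (principal, object, role, propagate).
FOLDER_ONLY = [("alice", "folder1", "Administrator", True)]
# Hypothetical extra grant on the host side, the situation the post suspects.
WITH_HOST_GRANT = FOLDER_ONLY + [("alice", "host1", "Administrator", True)]

def ancestors(obj):
    """Every ancestor of obj, following all parents (both inventory trees)."""
    seen, stack = set(), list(PARENTS[obj])
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(PARENTS[cur])
    return seen

def grants(principal, obj, permissions):
    """Permission entries that reach obj: set on it, or propagated from above."""
    anc = ancestors(obj)
    return sorted(
        (where, role)
        for who, where, role, propagate in permissions
        if who == principal and (where == obj or (propagate and where in anc))
    )

def unexpected_access(principal, allowed_folder, permissions):
    """VMs outside allowed_folder on which the principal still holds a role."""
    found = {}
    for vm in sorted(VMS):
        if allowed_folder in ancestors(vm):
            continue  # access here is intended
        hits = grants(principal, vm, permissions)
        if hits:
            found[vm] = hits
    return found

if __name__ == "__main__":
    print(unexpected_access("alice", "folder1", WITH_HOST_GRANT))
```

This is a simplified model: it only reports which entries reach a VM and does not reproduce vCenter's rules for combining or overriding roles.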
npadmani
Virtuoso

Please mention the vCenter Server version where this is being observed. Is it in the Flash-based client or the HTML5 client that you noticed this?

Have you already logged a case with VMware GSS about this?

Narendra Padmani VCIX6-DCV | VCIX7-CMA | VCI | TOGAF 9 Certified
0 Kudos