VMware Cloud Community
stephenmbell
Enthusiast
Enthusiast
‎05-28-2020 06:42 PM

Custom Permissions - Create VM inside folder?

Hey everyone,

Looking for a little clarity here.  Running ESXi 6.7.  My environment has 3 hosts, 1 data center, 1 cluster. 

I am looking to delegate permissions to a specific group of people to be able to create virtual machines.  My current thought is that I would create a folder where all of these VMs should live, and assign the permissions at this level.  I went ahead and did this and I am having problems assigning virtual machine to resource pool, allocating space on a datastore, etc..

Looks like I am getting these problems because the permissions I have set are on the folder inside the cluster inside the datacenter. The folder doesn't have any "resource pools" in it, or any datastores in it.

I feel like I could do this by assigning certain rights at the cluster level -- allocating space and assigning a vm to a resource pool.  Then allowing create vm on the folder.  That seems like a lot of granularity for this which makes me wonder if I am thinking about this correctly.

Ideally I want to give our dev group ability to create/modify/delete vms in a specific area - with the idea that they can't modify ALL VMs, only the ones that apply to them.

How would you accomplish this?

Thanks

Steve

0 Kudos
1 Reply
scott28tt
VMware Employee
VMware Employee
‎05-28-2020 11:13 PM

A VM has multiple “parent“ objects - the datastore on which it’s files reside, the network it is connected to (virtual machine port group), the resource pool it draws compute resources from (which could be a resource pool, a host, or a cluster), as well as the inventory location where it is registered as an object (the folder).

This article should help you understand the specific permissions and parent objects: VMware Knowledge Base

All of these will need to be set correctly on all the relevant parent objects before a user can successfully create a VM.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos