Across our VMware environment we support 16 separate departments. Within those departments are Information Systems people that manage their servers. My group is responsible for spinning them up and assigning the proper permissions to grant them the admin rights. My group is responsible for all the back end VMware / ESX / networking / storage, etc. Clients (IS Folks) do not get permissions to create snapshots, modify the VMware configuration of the VM, etc.. Thy just get rights to the Windows or Unix VM operating system.
What we would like to be able to do is to grant the clients the ability to use the Lifecycle manager to upgrade the VM Tools. I have tried to work through the proper permissions that they require, but the only way I see it working is if we give them more permissions then we would like in vCenter.
We do not want to enable the clients to create snapshots on their own through vCenter, but do want the Lifecycle manager to create them on their behalf..
Has anyone looked into something like this?
Hi, it may be worth checking the vCenter API to see if you can initiate VMTools update for Guest OS. If possible, you can then create a script that the end users can run themselves to initiate the VMTools upgrade
This should be possible via script I have done this using Powershell a while ago. At that point we used an NFS location for VMtools and once we updated we initiated the script to rollout updates.
I have a similar situation. I allow them to create a snapshot manually but not delete or revert to it. Then I have a script run at the end of the day to delete it. You could copy a role and modify it. You can get pretty granular with that.