Squigglymonkey
Enthusiast

Help with permissions

We have vSphere 6.7. For many years a small group of us have managed it. There was no need to let anyone else build VMs on it, as that is what we did. I now have to allow another group (Active Directory) to build VMs on it. So far I have followed an article on VMware about "Creating and assigning a role with privileges to create and manage virtual machine to a domain or local user/group (1023189)" (kb.vmware.com/s/article/1023189).
Adding the role at the 'top' and letting it propagate down ended up giving the role access to all VMs. Exactly what I did not want. So I stopped propagation, and granted it at the top again without propagation, and moved down adding the role to the permissions of lower objects till I got to the VMs and then only gave it to a single folder which I want them to use. When they log on they only see their folder, and can manage the VM, changing the settings as needed. But, when creating a VM, it does not see any datastores. The role has permissions (browse) on all of them. Any ideas on what I could be missing?

0 Kudos
1 Reply
scott28tt
VMware Employee

They need the Datastore.Allocate space privilege for any datastores you want them to be able to place VM files on.

Required Privileges for Common Tasks

0 Kudos
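
An added PowerCLI example, not part of the original thread: it grants the Allocate space privilege (ID `Datastore.AllocateSpace`) through a separate, narrow role on only the datastores the new group should use, rather than widening the role that already has Browse on every datastore. The vCenter name, AD group, role name and datastore names are placeholders.

```powershell
# Added example; every name in this block is a placeholder, not a value from the thread.
$vCenter    = 'vcenter.example.local'
$principal  = 'EXAMPLE\VM-Builders'            # AD group that will build VMs
$roleName   = 'VMBuilders-DatastoreConsumer'   # hypothetical role name
$datastores = 'DS-Builders-01', 'DS-Builders-02'

Connect-VIServer -Server $vCenter | Out-Null

# A role that carries only what datastore placement needs.
$privs = Get-VIPrivilege -Id 'Datastore.AllocateSpace', 'Datastore.Browse'
$role  = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege $privs
}

foreach ($name in $datastores) {
    $ds = Get-Datastore -Name $name -ErrorAction Stop

    # Only consider a permission defined on this datastore itself, not an inherited one.
    $direct = Get-VIPermission -Entity $ds -Principal $principal -ErrorAction SilentlyContinue |
        Where-Object { $_.EntityId -eq $ds.Id }

    if ($direct) {
        # A principal holds one role per object, so switch the existing entry.
        Set-VIPermission -Permission $direct -Role $role | Out-Null
    } else {
        New-VIPermission -Entity $ds -Principal $principal -Role $role -Propagate:$false | Out-Null
    }
}

# Audit: where can the group see a datastore, and where can it actually place VM files?
Get-Datastore | ForEach-Object {
    $ds = $_
    Get-VIPermission -Entity $ds -Principal $principal -ErrorAction SilentlyContinue |
        Select-Object @{ N = 'Datastore'; E = { $ds.Name } },
                      Role,
                      Propagate,
                      @{ N = 'CanAllocate'; E = {
                          (Get-VIRole -Name $_.Role).PrivilegeList -contains 'Datastore.AllocateSpace'
                      } }
} | Sort-Object Datastore | Format-Table -AutoSize
```

Datastores where the audit shows `CanAllocate` as `False` remain visible to the group through the existing Browse permission but cannot be chosen as a placement target.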