VMware Cloud Community
beeasy43
Contributor
Contributor
‎07-03-2007 06:54 AM

Error assignin user roles: value cannot be null

Hello, I'm facing problems when I want users to be able to use a default role such as administrator to let them adminster their VM's.

If they try to edit the settings (Virtual Machine Properties) the get an error:

"Value cannot be null"

We are using VMware ESX 3 and VI 2.0.1. The rights are assigned on the appropriate folder and are inherit by the VM's.

I saw some threads in the discussion forum but they seem not to apply to our environment.

Thanks for help, Armin

0 Kudos
10 Replies
moo2102
Contributor
Contributor
‎07-03-2007 11:39 AM

I have a support request open with exactly this problem but till now, no solution.

I will write if i get one

0 Kudos
beeasy43
Contributor
Contributor
‎07-04-2007 11:23 PM

I'd really appreciate it if someone could he me (us) further ...

Thanks, Armin

0 Kudos
JasonH_
Contributor
Contributor
‎07-10-2007 04:49 PM

Greetings,

In my experience this occours only when assigning the defalut roles in the virtual infrastructure client. I was able to resolve my issues my creating custom roles with more relaxed constrictions and then reapplying my permissions. In addition you need to assigned roles/permissions all the down from your data-center.

Hope this helps. I am interesting in seeing what the VMware folks come up with, so please keep us posted. VMware in a round about way said to me that roles/permissioning are somewhat of a grey area for them.

0 Kudos
dbsham
Contributor
Contributor
‎07-20-2007 04:41 AM

We had the same issue when assigning custom roles to speficic folders as opposed to the DC level.

The fix was to either give the permission on the DC level (which isnt ideal), or in our case, create a new DC and put the hosts in the original folder into this. The same role then worked fine.

Will be logging a case with VMWare as it definetly looks like a bug.

0 Kudos
Da_Monkey80
Contributor
Contributor
‎11-07-2007 04:11 PM

I found out by trail and error that this seems to be happening with permissions at the RESOURCE POOL Level. I moved the same privs / machines into a folder and that seem to clear up the issue

-ck

0 Kudos
secops
Contributor
Contributor
‎01-03-2008 10:48 PM

Here's VMware's response so far. I think it sucks and hope they come up with a better one soon.

-

To fix the issue a workaround is to apply the permission at the root level of each datacenter rather than at the cluster level.

More Information:

This issue appears in most instances because the user does not have access to read the datastore and the network settings, because these permissions are assigned at the datacenter level. If you were to give read only permission on the datacenter level, this error should not appear.

Please assign appropriate permission and let us know if this helps.

-

This works but defeats the reason you have strict access controls on certain machines within an environment.

It also doesn't explain why permissions used to work, but now don't (in my case).

0 Kudos
gwelsh123abc
Contributor
Contributor
‎02-13-2008 07:46 PM

hi

which permissions did u apply at the root (datacentre) level to get this working?

im experiencing the same issue

cheers

0 Kudos
Bar2D2
Enthusiast
Enthusiast
‎06-10-2008 07:52 AM

We have same issue, but the role works fine on one standalone host and its users, but not for another and its users.

And even weirder, when I give the users with the problem same rights on the host without the problem, they have the same issue!

I am totally lost LOL!

0 Kudos
Nutella
Contributor
Contributor
‎07-07-2008 03:01 AM

Hi

Sorry for bad english, I fix the problem with make my simple user member of SQL privileges.

L!vc permissions.JPG|thumbnail=true!

0 Kudos
Texiwill
Leadership
Leadership
‎07-07-2008 05:19 AM

Hello,

You should remove all permissions for the user or group above where you are setting the current permissions. In essence permissions are not top down. I.e. you can not have a more expansive permission below one that is more restrictive. If the more restrictive permission is above yours then that is the permission you inherit.

I tend to only have the permissions where they absolutely need to be. I.e. not at the data center level but at the host, folder, resource pool, or VM where they should live. There is only one permission I set at the datacenter level and that is read-only for those who require read-only not for everyone.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos