I am using VirtualCenter 2.5 and ESX 3.5. With my administrative account I am able to mount a CD (iso or directly to CDROM) from the virtual infrastruture client. When I login using an account that has been granted "Virtual Machine Power User" previlages to a specific virtual machine or folder I get "Permission to perform this operation was denied". This occurs when I specify any level of permission (administrative rights included) at that folder level. Anyone seen this?
You only had to look in the Guest OS Forum - I had this issue and found a workaround:
today I'd experienced the same problem in multiple independent Vmware-VC Setups at our lab and at our customers. I think it's a bug in the new VC 2.5. Did you open a support call?
with kind regards
Not yet, I was hoping it was something I was doing wrong. Have you found any work arounds? So far we are getting by with an admin mapping the cdrom to an iso file on the datastore. While that works ok for a couple users it will eventually be too much to handle.
The 'restricted' users may need at a minimum, 'read only' at the Data Center (no propagate), or a new role with only the 'browse datastore' privilege (again, NO propagate) at the Data Center. I thought this changed at some point, but it used to be needed.
Neither of those permissions worked. Just to test I even allowed it to propagate down and it still didn't work. Are there any logs that would show the permission being denied? The Events tab does not show these errors and I have set VirtualCenter Logging to "Trivia" in the configuration window.
yes - I believe that permission errors are logged in the vpx logs... see the most recent c:\windows\temp\vpx\vpxd-X.log
Message was edited by: hicksj
That workaround seems to fix it thanks. Hopefully it will be fixed in a patch soon.
Answer from post that worked:
Go to the Hosts & Clusters folder in Virtual Center.
+On the Permissions tab, add a user or group of users and give them the
'Virtual Machine Power User' role, but be sure to UNCHECK the
'Propogate to Child Objects" option. This way, the users don't receive
access to all VMs in your datacenter.+
I've encounter the same error, but a simple not propagated "Read-Only" right on the "Host & Clusters" folder is enough to give access to the CD-ROM mount operation (if you have enough rights to mount virtual device on the virtual machine, of course).