VMware Cloud Community
JakeSpeed66
Contributor
Contributor
‎12-07-2011 10:42 AM

Can't delete or change permissions on a VM (vSphere 4.1)

I first tried to delete a VM and got an error that I did not have remove VM rights...I followed up with trying to create a role that had rights (already an admin so figured I create a new role with all right)...tried to apply role to server directly and got the following...

Window Primary Text
Error:Permission to perform this operation was denied.
You do not hold privilege "Permissions > Modify permission" on virtual machine "VM Name"
Error Stack

Window Error
Call "AuthorizationManager.SetEntityPermissions" for object "AuthorizationManager" on vCenter Server "vCenter Server FQDN" failed.

Any thoughts or suggestions would be appreciated

Reply
0 Kudos
3 Replies
weinstein5
Immortal
Immortal
‎12-07-2011 11:07 AM

Welcome to the Community - What user ae upi cpnmnecting with? What permissions foes that user have assigned directly as the user or a group you might be a memeber of  - you can check this by selecting the permissions tab of the VM

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
Reply
0 Kudos
JakeSpeed66
Contributor
Contributor
‎12-07-2011 11:19 AM

Permissions are...

Custom User Grp          Virtual Machine user (sample)          Propogated from parent folder

Administrators               administrator                                  Propogated from root

I get the effective permission of 'VM User" even though I am an administrator and a member of the custom grp. I tried removing the custom grp membership from my account and I am still restricted from admin lvl management of any VMs in this folder....the rest of the vSphere environment is working normally

currently researching any powershell command to remove the permission from the folder

Reply
0 Kudos
JakeSpeed66
Contributor
Contributor
‎12-07-2011 01:23 PM

Issue resolved

  • I did not give AD enough time to propogate the group membership changes
  • Removing my account from the restrict user group  left me associated only to the admin rights/role

Lesson learned...

  • vCenter permissions default to the most restrictive

Going forward

  • Never associate a group to a restriced funtion within vCenter if the Administrators are also members of the same group

For thise who reviewed this issue...thanks for the comments

I hope you don't do the same thing to your vCenter permissions

Reply
0 Kudos