VMware Cloud Community
joeboyall
Contributor

Cannot manage snapshots - permissions problem in VC

We have created a SQL folder and placed all of our SQL VMs in this folder. We allow the SQL DBAs to connect to VC to manage the VMs. We have given their Active Directory Group "Virtual Machine Power Users" rights. They are able to log on and manage power and get to the console. They can create and delete snapshots, but they cannot revert to a snapshot.

They get the permission denied error when they do this.

Has someone else come across this?

11 Replies
bretti
Expert

Try adding this privilege: under Datastore, Remove File and Rename File.

Not sure if it will work or not.

You may also need to add the snapshot privileges at the top level of the structure.

hicksj
Virtuoso

Joe,

What you need is to provide "Virtual Machine -> State -> (All)" permission at the Cluster (not just the guest). You'll need to create a separate role for this, and make sure to uncheck "Propagate".

Do NOT perform the previous suggestion. This will allow anyone with that permission to delete critical files!

Regards,

Jason

bretti
Expert

Jason, thanks for catching that mistake in my last post.

I appreciate it.

Brett

joeboyall
Contributor

Problem is if I do that then I give that right to the other objects that are a part of the cluster. What we have done is created a folder in the "Virtual Machines and Templates" view called SQL Servers. I've given the DBAs the rights to this folder. Everything works except revert; all other snapshot functions work, even delete.

When I permission the entire Cluster they can see and manage the snapshots for the sql servers folder (in the view "virtual machines and templates") and they can manage any server that is not in a subfolder in that view now.

hicksj
Virtuoso

Did you uncheck the Propagate option when applying the Role to the Cluster? If so, they should only have the ability to manage Snapshots for those systems in the SQL folder as needed. This role should only have the snapshot permissions defined, nothing else.

Message was edited by: hicksj

I have this SAME exact setup in my environment, SQL DBAs needing to revert snapshots. The above worked perfectly. Note: They can ONLY see their DBA servers. They cannot see any other VMs. However, as long as they do not have snapshot privs directly on any other VMs they can see, they cannot manage those snapshots.

joeboyall
Contributor

Sorry, I did check propagate. I did not read your msg correctly. If I do not select propagate, the users cannot revert to a snapshot. So it still does not work.

I opened a case yesterday and have still not received a reply.

hicksj
Virtuoso

As a test, try applying this new "Snapshot" role to the host (instead of the cluster) currently managing a SQL VM, again, without propagation. Can the DBAs now revert? I thought this could be applied at the higher level. Maybe not?

It's tricky determining where all these permissions are applicable! :)

joeboyall
Contributor

This basically sets them back to the original config. They cannot convert now. Seems like they need the high level rights or else.

hicksj
Virtuoso

Ok, that makes sense. I thought it was a Cluster operation. I'll have to have my DBA retest reverting. I thought this was working for him...

Let me know what the SR response is. Hopefully they can get this straightened out.

Regards,

J

joeboyall
Contributor

VMware Technical Support suggested the configurations listed below. We used number two to get this working for us.

This is a known issue with VMware that we will address in a future release of VirtualCenter.

There are two workarounds for this for now:

1 - You can assign a user the "VM Power User" or "VM Administrator" role on ESX without propagating it down to all VMs. After that you can choose a virtual machine and assign the same user the "VM Power User" or "VM Administrator" role so that he/she can perform "Revert Snapshot".

2 - You can add a custom role that should have only one permission, and that is "Remove file" under Datastores and nothing else. After this you give a user "VM Power User" or "VM Admin User" on a VM and give the same user the custom role you created on the ESX host. In this way that user will be able to revert to snapshot.
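
The warning earlier in the thread and workaround 2 both concern the datastore "Remove file" privilege. As an added example (not from the thread or from VMware), this PowerCLI function lists every grant of a role that carries that privilege and whether the grant propagates to child objects. It assumes an already connected PowerCLI session and that `Datastore.DeleteFile` is the privilege ID behind "Remove file"; the function name is hypothetical.

```powershell
# Added example: audit who holds the datastore "Remove file" privilege.
# Assumes VMware PowerCLI is installed and Connect-VIServer has been run.
function Get-RemoveFileGrant {
    param(
        # Assumption: privilege ID that corresponds to "Remove file" under Datastore.
        [string]$PrivilegeId = 'Datastore.DeleteFile'
    )

    # Every role (built-in or custom) whose privilege list includes the privilege.
    $roles = @(Get-VIRole | Where-Object { $_.PrivilegeList -contains $PrivilegeId })
    $roleNames = @($roles | Select-Object -ExpandProperty Name)

    # Every permission entry that assigns one of those roles.
    Get-VIPermission |
        Where-Object { $roleNames -contains $_.Role } |
        ForEach-Object {
            $role = $roles | Where-Object Name -eq $_.Role
            [pscustomobject]@{
                Principal     = $_.Principal
                IsGroup       = $_.IsGroup
                Role          = $_.Role
                # A role with many privileges grants far more than file removal.
                RolePrivCount = $role.PrivilegeList.Count
                Entity        = $_.Entity.Name
                # True means the grant also applies to everything below Entity.
                Propagate     = $_.Propagate
            }
        } |
        Sort-Object Principal, Entity
}

# Propagating grants are the ones to review first.
Get-RemoveFileGrant | Sort-Object Propagate -Descending | Format-Table -AutoSize
```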

hicksj
Virtuoso

Solution: Power off the VM. The user will then be allowed to revert to prior snapshots.

No need to provide additional permissions at the host or cluster as previously posted. The user just requires the standard "State" permissions on the VM, along with the ability to power up/power down the VM.

Hope that helps!

Regards,

J
