VMware Cloud Community
TorstenGraf
Contributor
Contributor
‎02-27-2023 05:33 AM

Create VM from template - Permission to perform this operation was denied

Hello Everybody,

I have some trouble with the creation of vms from a template via terraform.

We have created a customer specific role:

Cryptographic operations

Direct Access

Migrate

Datastore

Allocate space

Browse datastore

Configure datastore

Low level file operations

Remove file

Update virtual machine files

Update virtual machine metadata

Folder

Create folder

Delete folder

Move folder

Rename folder

Global

Set custom attribute

Host

Configuration

System Management

Local operations

Create virtual machine

Delete virtual machine

Reconfigure virtual machine

Network

Assign network

Configure

Move network

Remove

Host profile

View

Resource

Apply recommendation

Assign vApp to resource pool

Assign virtual machine to resource pool

Migrate powered off virtual machine

Migrate powered on virtual machine

Modify resource pool

Move resource pool

Query vMotion

Profile-driven storage

Profile-driven storage update

Profile-driven storage view

Storage views

View

vApp

Clone

Create

Export

Import

Power on

View OVF environment

Virtual machine

  • All priviliges

We have bin these role to an AD Group on the vCenter itself with "propagte to children"
Therefor the Group has the right on the template, source and destination datastore and hosts, but we always get the error:

" Permission to perform this operation was denied. NoPermission.message.format"

Anyboday an idea, which privilige is missing.

Tahnks & Best Regards
Torsten

Labels (3)
Labels
0 Kudos
1 Reply
nachogonzalez
Commander
Commander
‎02-28-2023 09:20 PM

Hello Torsten, hope all is well.
According to this document your permissions are correct

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-4D0F8E63-2961-4B7...

You mentioned that the role has the right permissions on the Hosts, source and destination datastores and the templates.
If you log in to vCenter using that user? can you check VM folders and resource pools?
If you try to create a VM manually is it working?

Blog Nachogonzalez.com.ar Twitter @nachogon_