VMware Cloud Community
edk866
Contributor

Creating permissions to deploy templates but not create VMs from scratch

Hello, I have been reading through posts in the forum and trying the recommendations but have not been able to configure permissions to allow users to deploy templates but not create a New Virtual Machine.

I have followed the example for creating this permission in this document: http://www.vmware.com/pdf/vi3_vc_roles.pdf.

I am using folders to segregate my users in the "Virtual Machines and Templates" inventory view, but I am not using a folder structure in the "Hosts and Clusters" view. I have 3 ESX servers in my Datacenter, but no clusters. The servers are v3.01 with all the latest patches applied and the VC server version is 2.01 build 40664.

I am using an Active Directory group and assigning this group different roles at each level. The roles are as follows:

Role1: Virtual Machine-Interaction-all selected; Resource-Assign VM to resource pool selected. Role is assigned at the host level, no propagation.

Role2: Virtual Machine-Provisioning-Deploy template. This role is assigned at the templates folder and propagation is enabled.

Role3: Virtual Machine-Configuration-Create; VM-Configuration-Add New Disk. This role is assigned at the folder that the users will be allowed to deploy VMs in, and propagation is enabled.

Role4: Datastore-Browse Datastore. This role is assigned to my "All users" group at the Datacenter level and to each host in my Datacenter with no propagation.

This configuration results in both the "New Virtual Machine" and "Deploy VM from this Template" options being active but the "Next" button being greyed out on the "Select Host or Cluster" screen when deploying a template or creating a new VM.

I have tried enabling propagation on:

Role1: VM-Interaction-all selected; Resource-Assign VM to resource pool selected. Role is assigned at the host level.

This results in the user being allowed to create VMs from scratch as well as deploying from templates.

My intention is to prevent the users from configuring the number of processors, amount of memory, and disk size.

What am I missing?

Thank you,

Ed
