ThiagoVM
Contributor
Contributor

Export Diagnostic Data - User doesn´t have permission

Hi Guys,

How can I create a user that can export a Diagnostic Data?

I created a new user with administrator permission in hi-level (Hosts & Cluster) but the option Diagnostic Data in administration menu is not available ...

If possible I would like that user doesn´t have administrator permissions.

Thanks in advance.

0 Kudos
10 Replies
MauroBonder
Leadership
Leadership

change permission to administrator into the vcenter, and test

**If you found this information useful, please consider awarding points for

"Correct" or "Helpful"**

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
0 Kudos
admin
Immortal
Immortal

Hi,

You can create a custom role/permission and assign it to the user.

If you are using vCenter 4.0, go to Home -> Administration -> Roles, click on Add Role, provide a name for this role, expand the list of "Global" set of privileges, and select "Diagnostics".

Now, you can assign this role/permission to any user.

Thanks.

*if you found this or any other answer useful, please consider allocating points for helpful or correct answers*

0 Kudos
ThiagoVM
Contributor
Contributor

The user already have administrator permission.

The problem is the option diagnostic data doesn´t show in Export Menu in Virtual Certer.

I´m working with Virtual Center 2.5 U4 version.

0 Kudos
ThiagoVM
Contributor
Contributor

Ok, but its not solve my problem.

If I get a new user that can export diagnostic data i will do it.

More one information:

The user was created in VC have a windows local account.

Thanks

0 Kudos
ThiagoVM
Contributor
Contributor

Sorry Guys!

I don´t know why but later I restart the VC service and the option export Diagnostic Data show again.

Now, I have more one problem. I need to delete this user for create another one with correct permissions.

When I try to remove this user or change your role, the following message returns:

"The request change could leave the system without full administrative privileges for any user or group"

I beleave that I have connect in VC Data Base and try to remove this user manually. Could you help me to do it?

0 Kudos
MauroBonder
Leadership
Leadership

Vai em administration, permission, acha a role que voce criou e deleta apenas ela. Sempre logar como adminstrator neste caso para apagar alguma permissão.

**If you found this information useful, please consider awarding points for

"Correct" or "Helpful"**

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
0 Kudos
ThiagoVM
Contributor
Contributor

Não posso deletar essa role pois quando eu criei esse usuário para teste eu utilizei a role administrator (simulando o ambiente atual do cliente).

O problema só acontece quando usuários são criados no nivel "hosts & Cluster".

Caso queira simular o problema basta criar um usuário com uma conta local no servidor do virtual center e utilizar o mesmo usuário no virtual center utilizando a rule administrator no nível Host e Cluster e propagar para os demais objetos.

0 Kudos
MauroBonder
Leadership
Leadership

http://www.vmware.com/resources/techresources/826

**If you found this information useful, please consider awarding points for

"Correct" or "Helpful"**

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
0 Kudos
ThiagoVM
Contributor
Contributor

Guys,

Any idea about this error?

"The request change could leave the system without full administrative privileges for any user or group"

Are there any SQL query for execute in my Virtual Center DB to find and remove this previleges manually?

0 Kudos
ThiagoVM
Contributor
Contributor

Guys,

I had to delete the user permission manually at Virtual Center DB.

After, I created a new role with the diagnostic option permission selected and apply this for the new user at "Host & Cluster" level.

Just when I restart virtual center service the changes was really applied.

Thanks

0 Kudos