I have 2 groups granted access to different resource pools.
Using VI server for local authentication.
I have permissions and roles setup ( even cloned the group)
group a has no problem accessing hosts via web browser.
group b cannot see any hosts in browser.
If I add a member from b to a then the see group a hosts.
I have reviewed my configuration several times.
What is needed for a group to see the hosts in a resource pool via the browser
thanks
Which roles for group a and b?
I think Virtual Machine rights (manage: start, stop, etc) are needed.
Compare the two groups to find.
Best practice-wise, it is not recommended that you grant console permissions to general groups of users. The problem being there are no controls on virtual consoles to restrict the number of connections. Any user can hijack another user's session and utilize their guest OS permissions.
This can become a problem with SOX, HIPAA, etc compliance.
You should look at remote console utilities to provide this functionality if possible.
I'm hoping that someday there will be an option for VI Admins to "take over" another's console connection - but only after clicking in a dialog box - something that's reportable/auditable. Likewise, a general purpose user should not be allowed to access a console that is already in use (or the general user could submit a request to the current user who could in turn grant temp permissions for that user to view the console).
The roles are exactly the same. I copied the role for group a and renamed it for group b.
So the permissions are indentical
They do have manage start and stop.
We do encourage rdp as a console and vnc access.
We have been hoping with the vi3 that connecting their cds remotely
will elimante most needs for console access.
With the exception of a power off/on and reset that when a reboot does not worl.
I agree that audit trails would be nice.
You can always terminate somebodies session to take control. of course that is only good
until the login again
Are any users in group B in another group that is granted permissions elsewhere in Virtual Center? i.e. Did you grant "Everyone" read at the root or something similar?