I am having trouble deploying a VM from a template with the use of a Customization Specification File.
Can someone tell me what is causing this.?
I am using a Domain Account that has been granted the Administrator role at the datacenter level. The problem is that the option is not available for this user. It is available if I login with the account that was used to create the Virtual Center.
Any help is appreciated.
You can still do what you want. Just create a new role, that has only the two permissions required, read and modify customization, and do not propagate. Give the user that role at host & clusters. Unless you give the user any other permissions on any other objects, they will not see anything else. I just did this and I was not able to see anything, when the only permission I gave was at Hosts&Clusters with the customize role only. I did not even see a listing of datacenters. So, after that permission is applied, you will still have to give admin access for the other objects you allow the user to manage, but you will also have the ability with that user to create and modify customization specs.
Did you propogate the Administrator role for that user's domain account down to all objects in the datacenter?
Yes, the permissions are propagating all the way down.
Interesting. And the template file itself shows the permission as inherited?
Try manually setting the Administrator permission on that template with that user's account and see if it works.
Tried it, that did not have any affect. Any other thoughts. Does this work for you?
I have seen this issue too, however as it was in a training course I simply had the students use the original administrator account.
The issue is that the user can deploy a VM from the template but can't see any existing customisation specifications.
My suspicion is that if the customisation spec is created before the user is granted rights then they don't see the specification. A way to test this would be for the original administrator to start a deploy & use the customisation spec as the defaults & then save the resulting customisation spec, hopefully the saved spec will be visible to the new user.
Alas I can't test this to confirm.
Al.
Does that user have the ability to see create a new customization spec? I mean, can they see any definitions at all?
Nope, it is greyed out. Does this give you any ideas?
Just further confirmation of the permision problem. If you go to the admin section of the vi client, and click the roles. You should be able to click the administrator role, and on the right hand side, it should show you who has that role and on what object. Make sure the account you want is listed in that view. You have to have access at the data center role in order to modify customization specs.
I am able to see this and it does reflect that the permission exists. Can you tell me whether or not I should have to apply permissions any place other than the Virtual Center Console?
No, you should not, VC is the point from where the customization is applied.
Try these two tests,
create a clone of the administrator role, and assign your ad account the new role and then login with that.
create a new local ID and give the new ID the original administrator role, and see if you find a difference.
Hopefully one will succeed, and one will fail. Also, is your domain ID a member of any of the local server groups?
-KjB
1. tried that the other day> no change in outcome
2. try a local account on the virtual center server? I think that is what you are saying, I will try this?
The domain account is a domain user only. Not a member of any local groups. So it is not being restricted at a different level.
Nope that did not work either. The option is still greyed out.
Ok, I was able to replicate your problem, and I misread the start of this thread. The permission you need has to start at the 'Hosts & Cluster' level. If you don't want to give permission at that level, you can create a new role that has read-only permission, but includes the customization modify and read permission at hosts&clusters, with no propagate. That gave me access to customization specs, while any kind of permssion anywhere else greyed it out.
-KjB
Ok, so I should have also added that we would not like for individual users to see what other users have in their respective datacenters. Or the main datacenter. We have decided to segregate resources by DC. Each user will see the DC they are an administrator of as well as the Resource DC that has shared resources for each user to see. Do you know of a way to allow the customized spec and still restrict the users to see what they are administrators of? Very good answer though...
You can still do what you want. Just create a new role, that has only the two permissions required, read and modify customization, and do not propagate. Give the user that role at host & clusters. Unless you give the user any other permissions on any other objects, they will not see anything else. I just did this and I was not able to see anything, when the only permission I gave was at Hosts&Clusters with the customize role only. I did not even see a listing of datacenters. So, after that permission is applied, you will still have to give admin access for the other objects you allow the user to manage, but you will also have the ability with that user to create and modify customization specs.
That is it. I was so used to propagating my permissions, because I needed to, that I did not restrict them at the topmost level. I new it had to be something stupid. Thank you for your assistance.
By the way what is your experience with ESX??? Also, have you performed an upgrade to Update 1 yet? If so, what have you experienced?
I will be doing Update 1 upgrades in my lab either this weekend or next. With all the issues people have had, I'm glad I waited.
-KjB
What issue have you heard about?
Ed Valenciano
Global Technical Enablement - HP Software
303.886.1544 mobile | Ed.Valenciano@hp.com
3404 E Harmony Road | FTC06 | Fort Collins | CO 80528
There were issues with the ISOs and/or zip files that were posted, which were causing strange installation problems. They were resolved a day or two ago, and I have not heard any more issues since then. Still, always a good idea to backup before you update!!!
-KjB