markdjones82
Expert
Expert

Lowest permissions to deploy,delete,deploy from template VM's at folder level within a cluster

All, I am trying to give permissions to be able to deploy, destroy and create vm's from template within a restricted folder within a cluster. I can't seem to get the permissions right. They only should be able to see the VM's and templates within this folder. Any help?

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
0 Kudos
4 Replies
azn2kew
Champion
Champion

Have you try using VI Client and connect to vCenter server and click on "Administration" button and select "Add Role" and go through "All Privileges->Virtual Machine->Provisioning->"and check the appropriate permissions and test it to validate your selection. This is the only location you can manage virtual machine and templates permissions and its very granular so select it appropriately.

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Regards,

Stefan Nguyen

VMware vExpert 2009

iGeek Systems Inc.

VMware, Citrix, Microsoft Consultant

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA
0 Kudos
markdjones82
Expert
Expert

Yes, I have tried combinations of everything and it I cannot get it to deploy VM's at the cluster level from the restricted folder.

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
0 Kudos
admin
Immortal
Immortal

Hi Mark,

At what level are you providing the permission?

Thanks.

0 Kudos
markdjones82
Expert
Expert

Hi,

I have tried these instructions, but it still does not work:

VM Deployment Roles and Permissions

leave a comment »

In our data centers

we allow certain users to deploy VMs from templates into the test

environment. Here are the minimum set of permissions required on

Virtual Center to alway them to complete the deployment.

  • At the destination folder

    • Virtual Machine > Inventory > Create

    • Virtual Machine > Configuration > Add New Disk

    • These rights need to be propagated

  • At the datacenter and on each host within the cluster

    • Read-only

    • These rights must not be propagated, or resources at the root level become visible

  • At the cluster (or host level if you aren’t running DRS)

    • Virtual Machine > Inventory > Create

    • These rights must not be propagated, or resources at the root level become visible

  • At the template folder

    • Virtual Machine > Provisioning > Deploy Template

    • This right needs to be propagated

  • At the destination resource pool

    • Resource > Assign VM to Resource Pool

    • Virtual Machine > Interaction

Additionally, in order to be able to use customisation templates, the following rights are needed.

  • At the template folder

    • Virtual Machine > Provisioning > Customize

    • This right needs to be propagated

  • At the root (Hosts & Clusters / Virtual Machines & Templates) folder

    • Virtual Machine > Provisioning > Read Customization Specifications

</div>

</div>

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
0 Kudos