VMware Cloud Community
zik
Enthusiast
Enthusiast
Jump to solution

Permission to change annotation

What permissions do I need to grant to allow someone to change the annotation on a VM?

Tags (1)
Reply
0 Kudos
1 Solution

Accepted Solutions
lamw
Community Manager
Community Manager
Jump to solution

Trial and error to figure out, but an easy place to get all required permissions is by browsing the API docs, the hardest thing is to figure out where it's in the docs.

Annotations is part of the VM's config as noted here: http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/vim.vm.ConfigSpec.html and as you can see to the right of annoatations the required permission that is needed is VirtualMachine.Config.Rename

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

If you find this information useful, please award points for "correct" or "helpful".

View solution in original post

Reply
0 Kudos
7 Replies
lamw
Community Manager
Community Manager
Jump to solution

Trial and error to figure out, but an easy place to get all required permissions is by browsing the API docs, the hardest thing is to figure out where it's in the docs.

Annotations is part of the VM's config as noted here: http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/vim.vm.ConfigSpec.html and as you can see to the right of annoatations the required permission that is needed is VirtualMachine.Config.Rename

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
chrisdp
Contributor
Contributor
Jump to solution

Hello,

I have verified that the rename permission is enabled but when my user attempts to modify the values in the annotations section they are still unable to make any updates. Has anyone else had this problem and if so then how were you able to resolve it.

Thanks

Chris

Reply
0 Kudos
toredash
Contributor
Contributor
Jump to solution

We are having the same issues, a role which is given VirtualMachine.Config.Rename rights is unable to manage annontations on that VM.

Any suggestion for debugging?

Reply
0 Kudos
lamw
Community Manager
Community Manager
Jump to solution

Probably the easiest way to resolve the permission issue, which I believe you probably need more than just VirtualMachine.Config.Rename is to make a copy of say "Virtual Machine Power User" and then slowly remove one privilege at a time (trial and error) until you figure out the minimal amount of privileges. Certain ones will standout, like you can easily remove "Global.CancelTask" if you don't need that,etc. This hopefully will then give you the bare minimal for a user to update the "annotation" BUT does not guarantee it won't require other privileges than just updating the annotation. Hopefully that makes sense

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
chrisdp
Contributor
Contributor
Jump to solution

I have created a test user and given it the VM power user permissions but while they can click on the EDIT button of the annotations they are still unable to modify the values. I did not even remove anything from the permissions for power user so perhaps I would need to start with something higher by default before eliminiating rights to try and pinpoint the problem. I will see what I can come up with and post it back here...unless of course someone has already narrowed down the specific permission that would be great

Reply
0 Kudos
lamw
Community Manager
Community Manager
Jump to solution

Oh that's interesting, yea I can't say I've looked into this too deeply, I just know the original question was around what "privilege" I would need just for the annotation, which is what the API reference docs list. Though for actual use of that, you probably need few more permission. I would say maybe start at "Administrator" level, we know this role will definitely have full access to the VM.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
jgrall
Contributor
Contributor
Jump to solution

This KB documents how to do it. I tested in my vSphere enviroment and it works properly.

KB1005720

Reply
0 Kudos