VMware Cloud Community
kellino
Enthusiast

Users can't access datastores

I created a new folder for a group of developers and gave them the "Virtual Machine Administrator" role (VC 2.01).

They seem to be able to do everything they need to but one....

We have our ISOs on an NFS share which is available as a datastore in ESX. When one of the developers tries to edit the location of the ISO, the "Browse" button is greyed out and they cannot do so.

It looks like the Virtual Administrator Role has all permissions except the three in the "Permissions" section which I don't believe are relevant here.

I couldn't find any permissions on the datastores themselves. Does anyone know what permission I am missing and how to find it? Thanks!

8 Replies
avarcher
Commander

If the privileges seem OK, might it be an issue of where the role is given? The datastore object owns the hardware resources, could you try applying the role there to see if it makes a difference.

If it does then you might need to create a custom role for datastore access to apply to the datacenter in addition to what you have right now.

kellino
Enthusiast

> you might need to create a custom role for datastore access to apply to the datacenter in addition to what you have right now.

I tried this and then I created a new user who had no rights and they could see ALL the VMs. Granted they had no rights to access them, but I don't like that ALL VMs were visible.

Just to be clear I granted only the "Browse Datastore" permission at the Datacenter level.

There must be a way to grant browse to the datastore (for ISOs for example) without having to make every single VM visible?

kellino
Enthusiast

Also I just noticed that doing this will force the most restrictive permission.

So for example, by doing this...all the other permissions (Virtual Machine Administrator) that were applied below the Datacenter level, were trumped and revoked!

admin
Immortal

What if you apply those rights from the datastore inventory view?

kellino
Enthusiast

That's exactly where I applied them.

It wouldn't let me add permissions to a specific datastore, so I used the Datacenter object in the Datastore view.

hicksj
Virtuoso

> I tried this and then I created a new user who had no rights and they could see ALL the VMs. Granted they had no rights to access them, but I don't like that ALL VMs were visible.

You need to uncheck the Propagate option.

NorbK
Enthusiast

I have a similar issue. Give a user full administrator access to a cluster and they will be able to do everything but the datastores don't even show in VC. If I click on an ESX server, nothing appears under datastores. Similar to the original post, I don't want to give access to datastores at a higher level because I don't want them to see all of the other VMs (even if read only) that are out there. I take it this is not possible? While not the worst thing in the world, it helps that they can see the free space of the datastores from VC before creating a new VM or if they need to search for an ISO.

hicksj
Virtuoso

Norb,

The ONLY way to grant access to the datastores is to have valid permissions at the Data Center level. As long as you uncheck propagate, your users will not see all other VMs under your hosts & clusters. They'll only see those you've previously granted permissions to see.

Note: Granting Read-Only does not provide sufficient permissions to browse the datastore to find an ISO. For that, you need to grant the Browse Datastore permission. With Read-Only, users can mount ISOs, they just need to know the exact path to enter.

Regards,

J

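The setup hicksj describes above (Browse Datastore granted on the Datacenter with Propagate unchecked), scripted in PowerCLI as an added example that is not part of the thread. The server, datacenter, role and principal names are placeholders, and it assumes a vCenter release that PowerCLI can connect to.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the thread.
$server    = 'vcenter.example.local'
$dcName    = 'DC01'
$principal = 'EXAMPLE\dev-team'
$roleName  = 'ISO-Datastore-Browse'

Connect-VIServer -Server $server | Out-Null

# Custom role carrying only the Browse Datastore privilege, so the
# Datacenter-level grant exposes nothing beyond datastore browsing.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $priv = Get-VIPrivilege -Id 'Datastore.Browse'
    $role = New-VIRole -Name $roleName -Privilege $priv
}

# Grant the role on the Datacenter object with propagation OFF, so the
# permission is not inherited by the hosts, clusters and VMs beneath it.
$dc = Get-Datacenter -Name $dcName
$existing = Get-VIPermission -Entity $dc -Principal $principal -ErrorAction SilentlyContinue |
    Where-Object { $_.EntityId -eq $dc.Id -and $_.Role -eq $roleName }
if (-not $existing) {
    New-VIPermission -Entity $dc -Principal $principal -Role $role -Propagate:$false | Out-Null
}

# Check: any assignment of this role set directly on the Datacenter that
# still propagates would make child objects visible to the principal.
$leaky = Get-VIPermission -Entity $dc |
    Where-Object { $_.EntityId -eq $dc.Id -and $_.Role -eq $roleName -and $_.Propagate }

if ($leaky) {
    $leaky | Select-Object Principal, Role, Propagate | Format-Table -AutoSize
    Write-Warning "Role '$roleName' propagates from '$dcName'; uncheck Propagate for the principals listed."
} else {
    Write-Output "Role '$roleName' on '$dcName' does not propagate."
}
```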