I was in the process of adding new users to a VC 82.5 U2) and I've discovered a strange behaviour.
As soon as I add "Domain users" to the permission tab of a datacenter the "Add permission" options gets greyed out.
I'm doing this logged on as an windows administrator of the VC server (via an AD account), if I log using a local administrator account (no AD involved) the add permission tab can be used.
I think that this issue can be caused by nesting (my AD account is clearly nested in Domain users who are being given less privileges then my account)
Any help will be appreciated.
This is how permissions work in vCenter. The solution is to give your account Administrator permissions first to the Datacenter, then give Domain Users the permissions that group needs to the Datacenter.
I had exactly the same problem. Added "Domain Users" for a simple role (browse datastores, etc) and lost all admin privileges. Even with local administrator account, I couldn't modify the permissions from there on.
The solution was to change the actual role and add the "permissions" right, temporarily. Then, I could remove the "Domain Users" group from that folder. Don't forget to remove the "permissions" right from your role after you get the job done!