Aketaton
Contributor
Contributor

VC 2.5 U2 + domain users : cannot add permission to datacenter

Hi all

I was in the process of adding new users to a VC 82.5 U2) and I've discovered a strange behaviour.

As soon as I add "Domain users" to the permission tab of a datacenter the "Add permission" options gets greyed out.

I'm doing this logged on as an windows administrator of the VC server (via an AD account), if I log using a local administrator account (no AD involved) the add permission tab can be used.

I think that this issue can be caused by nesting (my AD account is clearly nested in Domain users who are being given less privileges then my account)

Any help will be appreciated.

Thank you

F.

0 Kudos
3 Replies
jguidroz
Hot Shot
Hot Shot

This is how permissions work in vCenter. The solution is to give your account Administrator permissions first to the Datacenter, then give Domain Users the permissions that group needs to the Datacenter.

0 Kudos
Aketaton
Contributor
Contributor

This is exactly the way I've used (otherwise how could I give permission on an object if I have no permission on that object? 😛 )

0 Kudos
dzacharo
Contributor
Contributor

I had exactly the same problem. Added "Domain Users" for a simple role (browse datastores, etc) and lost all admin privileges. Even with local administrator account, I couldn't modify the permissions from there on.

The solution was to change the actual role and add the "permissions" right, temporarily. Then, I could remove the "Domain Users" group from that folder. Don't forget to remove the "permissions" right from your role after you get the job done!

Cheers,

Dimitris.

0 Kudos