Hi,
I've created a custom role to allow a team to create delete their own VM's.
The role has the following permissions, hopefully you can see it has remove permission for vm object.
Name Id
---- --
Anonymous System.Anonymous
View System.View
Read System.Read
Cancel task Global.CancelTask
Browse datastore Datastore.Browse
Remove file Datastore.DeleteFile
Low level file operations Datastore.FileManagement
Allocate space Datastore.AllocateSpace
Assign network Network.Assign
Create new VirtualMachine.Inventory.Create
Create from existing VirtualMachine.Inventory.CreateFromEx
Register VirtualMachine.Inventory.Register
Remove VirtualMachine.Inventory.Delete
Unregister VirtualMachine.Inventory.Unregister
Move VirtualMachine.Inventory.Move
Power On VirtualMachine.Interact.PowerOn
Power Off VirtualMachine.Interact.PowerOff
Reset VirtualMachine.Interact.Reset
Answer question VirtualMachine.Interact.AnswerQuestio
Console interaction VirtualMachine.Interact.ConsoleIntera
Device connection VirtualMachine.Interact.DeviceConnect
Configure CD media VirtualMachine.Interact.SetCDMedia
VMware Tools install VirtualMachine.Interact.ToolsInstall
Rename VirtualMachine.Config.Rename
Add existing disk VirtualMachine.Config.AddExistingDisk
Add new disk VirtualMachine.Config.AddNewDisk
Remove disk VirtualMachine.Config.RemoveDisk
Change CPU count VirtualMachine.Config.CPUCount
Memory VirtualMachine.Config.Memory
Add or remove device VirtualMachine.Config.AddRemoveDevice
Modify device settings VirtualMachine.Config.EditDevice
Settings VirtualMachine.Config.Settings
Change resource VirtualMachine.Config.Resource
Upgrade virtual hardware VirtualMachine.Config.UpgradeVirtualH
Reset guest information VirtualMachine.Config.ResetGuestInfo
Advanced VirtualMachine.Config.AdvancedConfig
Disk lease VirtualMachine.Config.DiskLease
Extend virtual disk VirtualMachine.Config.DiskExtend
Create snapshot VirtualMachine.State.CreateSnapshot
Revert to snapshot VirtualMachine.State.RevertToSnapshot
Remove Snapshot VirtualMachine.State.RemoveSnapshot
Rename Snapshot VirtualMachine.State.RenameSnapshot
Customize VirtualMachine.Provisioning.Customize
Clone virtual machine VirtualMachine.Provisioning.Clone
Create template from virtual machine VirtualMachine.Provisioning.CreateTem
Deploy template VirtualMachine.Provisioning.DeployTem
Clone template VirtualMachine.Provisioning.CloneTemp
Read customization specifications VirtualMachine.Provisioning.ReadCustS
Allow disk access VirtualMachine.Provisioning.DiskRando
Allow read-only disk access VirtualMachine.Provisioning.DiskRando
Allow virtual machine download VirtualMachine.Provisioning.GetVmFile
Allow virtual machine files upload VirtualMachine.Provisioning.PutVmFile
Assign virtual machine to resource pool Resource.AssignVMToPool
I've applied the Role at the VC level, Datacentre level, Cluster Level, Datastore level, Port Group level and Resource Pool level with ONLY resource pool level set to propogate, but I still get an error "You do not hold privilage "Virtual Machine > Inventory > Remove" on virtual machine "test" when trying to delete a VM from disk.
They are able to create VM's and perform all other ops I've allowed them. Caa anyone see where I'm going wrong?
thanks
