Hello and thank you in advance for help that you may provide
We are trialing the new VSphere 4.0 with VCenter.
The issue i have is when trying to create a restricted usergroup/users for console interaction only for Certain VMs or Folder of Vms.
1. I have created a folder under VM and Templates and places the VM's i want to restrict access to in this folder.
2. I created a group on the Vcenter Server and placed the user in it.
3. I assigned permission to the Folder for Console Interaction and Power on/off/reset
When Logging into VSphere Web access
1. Browse to DataCenter -> Folder -> Virtual Machine
2. Select "Console"
3. Click on the screen to open console and recieve the following error
4. ok so Got around this issue... but it creates a further problem...
Here's how i got around it..
1. By adding a "readonly" permission for that user/group to the "ROOT" of the Tree (usually servername).
2. Untick "Propagate to Child Objects"
Good news -- User now access the remote Console plugin through internet explorer...
Bad news --Users can see system tasks and Other user administration tasks in the "recent tasks" pane at the bottom of the screen.
- EG: user Administrator creates a folder, Virtual Machine, Power on/off a VM etc etc. all recent event/tasks show up for the user.
From my googling and searching on this forum, i don't seem to have found another user with this issue.
Any help is much appreciated...
So I was Sure that this would be a well known issue... Is no-one else trying to give restricted access for some users to certain VMs. I thought it would have been very common.
This is the 2nd reinstallation of the vsphere infrastructure "including hosts" and have seen this problem both times.
If you have any ideas of what to check or any futher information you think i should provide. Let me know!.
I think that this is known behavior which one of my coworkers reported and is resolved. Since WebAccess is only experimentally supported in the initial release of vSphere, some issues are still being worked out.
If you could open an SR, for investigation we can verify if it is the same issue. The more people which report a problem the easier it is for me to build a case to get my management to fight to get a fix into the next release
Actually this is a bug with Web Access, I've seen the same issue moving to vSphere vCenter 4.0 (might have been there as well in vCenter 3.5) ... open an SR with VMware Support and let them know that this is an issue with .jslib.js that needs to be replaced with a version from VMware. There is some update to the file which causes this permission issue and the only work around without replacing this file is to give put the user in the Administrator group (which is not a real work around). VMware Support was not able to tell me exactly what was changed in the file, as it's one of those "try at your own risk" but it does work and I've been told that this will be fixed in a future patch/update.
VMware vExpert 2009
If you find this information useful, please award points for "correct" or "helpful".