dandan9
Contributor
Contributor

Web Access_Remote Console Plug-In Error - Permission Issue

Hello and thank you in advance for help that you may provide Smiley Happy

We are trialing the new VSphere 4.0 with VCenter.

The issue i have is when trying to create a restricted usergroup/users for console interaction only for Certain VMs or Folder of Vms.

1. I have created a folder under VM and Templates and places the VM's i want to restrict access to in this folder.

2. I created a group on the Vcenter Server and placed the user in it.

3. I assigned permission to the Folder for Console Interaction and Power on/off/reset

When Logging into VSphere Web access

1. Browse to DataCenter -> Folder -> Virtual Machine

2. Select "Console"

3. Click on the screen to open console and recieve the following error

4. ok so Got around this issue... but it creates a further problem...

Here's how i got around it..

1. By adding a "readonly" permission for that user/group to the "ROOT" of the Tree (usually servername).

2. Untick "Propagate to Child Objects"

Outcome:

Good news -- User now access the remote Console plugin through internet explorer...

Bad news --Users can see system tasks and Other user administration tasks in the "recent tasks" pane at the bottom of the screen.

- EG: user Administrator creates a folder, Virtual Machine, Power on/off a VM etc etc. all recent event/tasks show up for the user.

From my googling and searching on this forum, i don't seem to have found another user with this issue.

Any help is much appreciated...

Kind regards,

Dan

0 Kudos
4 Replies
dandan9
Contributor
Contributor

So I was Sure that this would be a well known issue... Is no-one else trying to give restricted access for some users to certain VMs. I thought it would have been very common.

This is the 2nd reinstallation of the vsphere infrastructure "including hosts" and have seen this problem both times.

If you have any ideas of what to check or any futher information you think i should provide. Let me know!.

Thanks again,

Dan

0 Kudos
jmcdonald1
VMware Employee
VMware Employee

Hey Dan,

I think that this is known behavior which one of my coworkers reported and is resolved. Since WebAccess is only experimentally supported in the initial release of vSphere, some issues are still being worked out.

If you could open an SR, for investigation we can verify if it is the same issue. The more people which report a problem the easier it is for me to build a case to get my management to fight to get a fix into the next release Smiley Happy

0 Kudos
isg-oes-info
Contributor
Contributor

Hey all,

we've just upgraded to vCenter 4 and are experiencing the same problem.

Any ideas when this issues is about to be fixed?

Regards,

Nico

0 Kudos
lamw
Community Manager
Community Manager

Actually this is a bug with Web Access, I've seen the same issue moving to vSphere vCenter 4.0 (might have been there as well in vCenter 3.5) ... open an SR with VMware Support and let them know that this is an issue with .jslib.js that needs to be replaced with a version from VMware. There is some update to the file which causes this permission issue and the only work around without replacing this file is to give put the user in the Administrator group (which is not a real work around). VMware Support was not able to tell me exactly what was changed in the file, as it's one of those "try at your own risk" but it does work and I've been told that this will be fixed in a future patch/update.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

Twitter: @lamw

If you find this information useful, please award points for "correct" or "helpful".

0 Kudos