VMware Cloud Community
pfuhli
Enthusiast
Enthusiast
‎05-30-2007 06:08 AM

Which rights are neccessary to revert to a snapshot?

Hi there,

we have a VM where I assigned a role named VirtualMachinePowerUser which I built myself. The role should have the right to make snapshots and revert to them. Making snaps is possible but reverting snaps is not working. It seems that some rights need to be assigned to be able to revert to a snapshot for this role.

Do you have an idea?

Regards,

daniel

0 Kudos
9 Replies
esiebert7625
Immortal
Immortal
‎05-30-2007 06:25 AM

It's most likely under one of the Virtual Machine areas. Take a look at the built-in Virtual Machine Power User role and try some of those other options under Configuration and Interaction. Can you remove snapshots?

0 Kudos
peetz
Leadership
Leadership
‎05-30-2007 06:35 AM

Hi pfuhli,

what permissions are assigned to your custom role right now?

Did you copy and modify the pre-defined "Virtual Machine Power User"-role?

There is a good VMware white paper named "Managing VMware VirtualCenter Roles and Permission" (http://www.vmware.com/pdf/vi3_vc_roles.pdf). It also explains the object hierarchy and permissions inheritance which can become quite important when you try to understand why something is working or not.

\- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
0 Kudos
pfuhli
Enthusiast
Enthusiast
‎05-30-2007 06:58 AM

Sorry, it's the pre-defined role I use. I couldn't remember if I built it myself. But I can't revert to snaps.

Regards,

daniel

0 Kudos
esiebert7625
Immortal
Immortal
‎05-30-2007 07:06 AM

Are you getting an error? Check your VC server logs located in the C:\Windows\Temp\VPX directory on the Virtual Center server. Also try checking the vmware.log files for any errors that may indicate what role is required.

0 Kudos
peetz
Leadership
Leadership
‎05-30-2007 07:50 AM

At which level did you assign the role?

It might be necessary to assign it at the datacenter level, because it contains the "DataStore/Browse Datastore" permission, and that will only take effect at the datacenter level, because a datastore is a datacenter object.

\- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
0 Kudos
pfuhli
Enthusiast
Enthusiast
‎05-30-2007 07:53 AM

But I only want to assign it to this special VM. The user should not have this right for all VMs in the datacenter

0 Kudos
peetz
Leadership
Leadership
‎05-30-2007 07:59 AM

You can separate the "Datastore/Browse datastore" permission into an own role and assign only that at the datacenter level.

In addition assign the "Power user" role to the special VM only.

\- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
pfuhli
Enthusiast
Enthusiast
‎05-30-2007 08:08 AM

I'll try and let you know ...

thnx!

0 Kudos
pfuhli
Enthusiast
Enthusiast
‎05-30-2007 11:25 PM

Ok, this works. But ... now the user can see all of the VMs in the cluster - not only the ones he has permissions for ...

We'll see if this user can interact with these machines which he shouldn't.

Regards,

daniel

0 Kudos