Hi there,
we have a VM where I assigned a role named VirtualMachinePowerUser which I built myself. The role should have the right to make snapshots and revert to them. Making snaps is possible but reverting snaps is not working. It seems that some rights need to be assigned to be able to revert to a snapshot for this role.
Do you have an idea?
Regards,
daniel
It's most likely under one of the Virtual Machine areas. Take a look at the built-in Virtual Machine Power User role and try some of those other options under Configuration and Interaction. Can you remove snapshots?
Hi pfuhli,
what permissions are assigned to your custom role right now?
Did you copy and modify the pre-defined "Virtual Machine Power User"-role?
There is a good VMware white paper named "Managing VMware VirtualCenter Roles and Permission" (http://www.vmware.com/pdf/vi3_vc_roles.pdf). It also explains the object hierarchy and permissions inheritance which can become quite important when you try to understand why something is working or not.
\- Andreas
Sorry, it's the pre-defined role I use. I couldn't remember if I built it myself. But I can't revert to snaps.
Regards,
daniel
Are you getting an error? Check your VC server logs located in the C:\Windows\Temp\VPX directory on the Virtual Center server. Also try checking the vmware.log files for any errors that may indicate what role is required.
At which level did you assign the role?
It might be necessary to assign it at the datacenter level, because it contains the "DataStore/Browse Datastore" permission, and that will only take effect at the datacenter level, because a datastore is a datacenter object.
\- Andreas
But I only want to assign it to this special VM. The user should not have this right for all VMs in the datacenter
You can separate the "Datastore/Browse datastore" permission into an own role and assign only that at the datacenter level.
In addition assign the "Power user" role to the special VM only.
\- Andreas
I'll try and let you know ...
thnx!
Ok, this works. But ... now the user can see all of the VMs in the cluster - not only the ones he has permissions for ...
We'll see if this user can interact with these machines which he shouldn't.
Regards,
daniel