VMware Cloud Community
caddo
Enthusiast
Enthusiast
‎06-26-2015 07:05 AM

vCenter 6 permissions to manage services in System Configuration

Hi,

I'm trying to set the right permissions in order to see and manage the services in my vCenter environment from the vSphere Web Client from"Administration -> System Configuration"  using a user from my Active Directory domain instead of using "administrator@vsphere.local".

The user "administrator@vsphere.local" can do this natively and it works just fine.

To assign the correct rights it should be enough to add the user to the "SystemConfiguration Administrators" in the SSO, which seems to work just fine in my vCSA test environment.

I have another vCenter+PSC environment installed on Windows that doesn't seem to work, the behaviour is that I can access the "System Configuration" but I can see 0 nodes and 0 services; in the same page I can read:

"Non-vCSA nodes do not support some features such as rebooting, monitoring and configuration in System Configuration. Use the operating systems to perform these tasks."

Is anyone aware of this?

Does it mean that on my Windows vCenter I will never see the status of the services in System Configuration?

Why is the "administrator@vsphere.local" user able to see all nodes and services anyway?

7 Replies
jackchentoronto
Enthusiast
Enthusiast
‎07-20-2015 11:47 AM

Seeing exact same thing on my vCenter 6 ( installed on a Windows 2008 VM ).

When login as vsphere.local\administrator, I see 1 node in "system configuration".

When login as a MyAD\myuser ( this user is added into administrators and systemconfiguration.administrators groups ), I see 0 node in "system configuration".

0 Kudos
T1MODEM1
Contributor
Contributor
‎08-10-2015 11:52 PM

+1 I am seeing the exact same thing.

0 Kudos
T1MODEM1
Contributor
Contributor
‎08-11-2015 12:36 AM

VMware vSphere 6.0.0b Release Notes

Looks like this fixes it...

0 Kudos
kernelpanic59
Contributor
Contributor
‎09-15-2015 12:26 PM

I see that the documentation says it's fixed, however I finished upgrading to VCSA 6.0 U1 today, and it's still broken here too.

0 Kudos
kernelpanic59
Contributor
Contributor
‎09-15-2015 12:50 PM

Correction - It does work under VCSA 6.0 U1, however you have to add individual AD users to the SystemConfig.Administrators group for it to work. Even though the interface will allow you to add an AD group  to encompass a list of users it will not display the node(s) or services to view and manage.

It would be really good if VMware allowed AD groups to be added to this management group so as to allow administrators the ability to manage with groups instead of individual users.

0 Kudos
tohuwbohuw
Contributor
Contributor
‎11-13-2015 07:13 AM

That's interesting, kernelpanic59... I can add groups from my AD to this group and it works fine. On 6.0.0 GA here; I'll report if this still works after upgrading to U1 this weekend.

0 Kudos
tohuwbohuw
Contributor
Contributor
‎11-13-2015 07:14 AM

Sorry, just realized there's a reply to post feature... check my comment in this post.

0 Kudos