VMware Cloud Community
Joern_Ravnsbaek
Contributor

vCenter custom roles needed to create a vm, convert to template and deploy from Content Library

I'm trying to create a new role (AD-ROLE) for the admin team that could do the following:

  • upload ISO to Content Library
  • create a new virtual machine and connect an ISO from Content Library
  • convert virtual machine to template on Content Library
  • deploy a new vm using the template on Content Library
  • be able to view Content Library to see available OVF/OVA and templates

I created a group (AD-Group) and added it to Global Permissions with the AD-ROLE and propagated to children.

The current (AD-ROLE) privileges have been configured, but when I deploy from template and try to select the compute resource I get this error:
You do not have permission to create a virtual machine from a library template in the selected resource. Select another location.

What is the missing privilege to be able to select the compute resource?

Content Library

  • Add library item
  • Check in a template
  • Check out a template
  • Create a subscription for a published library
  • Delete library item
  • Download files
  • Evict library item
  • Probe subscription information
  • Publish a library item to its subscribers
  • Publish a library to its subscribers
  • Read storage
  • Sync library item
  • Update files
  • Update library
  • Update library item
  • Update local library
  • View configuration settings

Datastore

  • Allocate space
  • Browse datastore
  • Low level file operation

Network

  • Assign network

Virtual machine

  • Change Configuration
    • Add existing disk
    • Add new disk
    • Add or remove device
    • Change CPU count
    • Change Memory
  • Edit Inventory
    • Create from existing
    • Create new
  • Interaction
    • Answer question
    • Backup operation on virtual machine
    • Configure CD media
    • Configure floppy media
    • Connect devices
    • Console interaction
    • Create screenshot
    • Defragment all disks
    • Drag and drop
    • Guest operating system management by VIX API
    • Inject USB HID scan codes
    • Install VMware Tools
    • Pause or Unpause
    • Perform wipe or shrink operations
    • Power off
    • Power on
    • Reset
    • Suspend
    • privilege.VirtualMachine.Interact.SuspendToMemory.label
  • Provisioning
    • Clone template
    • Clone virtual machine
    • Create template from virtual machine
    • Customize guest
    • Deploy template
    • Mark as template
    • Mark as virtual machine

 

7 Replies
wreigle2
Contributor

I am running into the same issue. FWIW

Hulto
Contributor

I am also having this issue. Were you able to find a solution?

Bezar
Contributor

You need to provide vApp.Import permissions.

You are probably using OVF/OVA templates.
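
The fix described in this reply, as an added PowerCLI example that is not part of the original post: it reports which privilege IDs the custom role lacks and adds them only when asked, so the role stays narrow instead of being swapped for an administrator role. It assumes VMware PowerCLI with an existing `Connect-VIServer` session; `AD-ROLE` and `vApp.Import` come from the thread, while the other privilege IDs in `$Required` and the `$Apply` switch are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Requires VMware PowerCLI and an
# existing Connect-VIServer session to the vCenter that owns the role.
$RoleName = 'AD-ROLE'     # role name used in the question
$Apply    = $false        # hypothetical switch: $false = report only

# Privilege IDs the deploy-from-library workflow should hold.
# 'vApp.Import' is the one named in the reply; the rest are the IDs of
# privileges the question already lists by label (assumed mapping).
$Required = @(
    'vApp.Import',
    'VirtualMachine.Provisioning.DeployTemplate',
    'VirtualMachine.Inventory.CreateFromExisting',
    'Datastore.AllocateSpace',
    'Network.Assign'
)

$role = Get-VIRole -Name $RoleName -ErrorAction Stop

# PrivilegeList holds the IDs currently granted to the role.
$missing = @($Required | Where-Object { $role.PrivilegeList -notcontains $_ })

if ($missing.Count -eq 0) {
    Write-Output "Role '$RoleName' already holds every required privilege."
}
else {
    Write-Output "Role '$RoleName' is missing: $($missing -join ', ')"

    if ($Apply) {
        # Resolve the IDs first so a mistyped ID fails here, not silently.
        $privs = Get-VIPrivilege -Id $missing -ErrorAction Stop
        Set-VIRole -Role $role -AddPrivilege $privs -Confirm:$false | Out-Null

        # Re-read the role and confirm the change took effect.
        $after = (Get-VIRole -Name $RoleName).PrivilegeList
        $missing | ForEach-Object {
            Write-Output ("{0}: {1}" -f $_, ($after -contains $_))
        }
    }
}

# Review where the role is assigned on inventory objects and whether it
# propagates, so the added privilege is not granted more widely than intended.
Get-VIPermission |
    Where-Object { $_.Role -eq $RoleName } |
    Select-Object Entity, Principal, Propagate
```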


rgb99
Enthusiast

This was it for me - thanks! Of course, Content Library and vApp are related. 🙄

mmhussan
Contributor

This has not worked for me

RichardKenyan
Contributor

Confirmed, this worked for me. I wouldn't have thought a Content Library error message of "You do not have permission to create a virtual machine from a library template in the selected resource. Select another location." would be fixed via a vApp permission (vApp Privileges, vmware.com).

Thanks!

Sachchidanand
Expert

You have to create a custom role with the desired permissions you want to give to the end user. For example, create a custom role AD-ROLE with the privileges you want to give, then create a user, e.g. User1, and assign this user the role AD-ROLE in the Datacenter permissions, and assign the role "content library administrator" to the same user (User1) in Global Permissions.

Hope this will solve your concern.

Regards,

Sachchidanand
