I am working on changing permisisons for a folder in "VM's and Templates" . When I add myself as read only i thought i would get the most restrictive permission applied, I am admin permission inherited from the vceneter server. I cannot add a vm to the folder but I can power cycle and even delete VM's in the folder. I need to add a few new serves to the vm environement but make sure that access to them is limited.
i haven't in my lab, come up with the proper scenario. I think you may have to uncheck the Propagate box on the Administrator role, then set individual permissions all the way down the DataCenter level, when you get to the folder in question, add your account with read only.
I can test this, but it's the only thing I can think of.