WebGate
Contributor

you do not hold privilege "system > read" on folder "datacenters"

Hello,

We have a couple of "DataCenters" in the vCenter.

I hold full administrative rights on mine.

Everything works fine, except that I can't add users and create alarms.

The following error occurs:

you do not hold privilege "system > read" on folder "data centers"

Any directions on where to start investigating?

7 Replies
AndreTheGiant
Immortal

Have you set the read-only role at the datacenter level?

Andre

Andre | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
WebGate
Contributor

Hello,

My user is added to the built-in Administrator role on a certain data center.

I am able to do all administration tasks except alarms and adding users.

I tried to look into the system log > "You do not have privileges to view this page"

0 Kudos
AndreTheGiant
Immortal

But do those users have read-only access on the root folder?

Andre

Andre | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
WebGate
Contributor

Hello,

Sorry for the misunderstanding, but when you say "root folder", do you mean some folder on ESX or on the server where vCenter is installed?

0 Kudos
AndreTheGiant
Immortal

The first node on the top/left.

You say that you have multiple datacenters under it, but you also have to set some permissions (RO role) on the first node.

Andre

Andre | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
NikolayK_38RUS
Contributor

Today I got this error in my DC environment, and the trouble was because the username of a user in vCenter matched a newly joined host in the DC.

It shows global administrator permissions in the DC permission tab, but has no effect as a result.

Deleting the old username fixed my trouble.

0 Kudos
aceqbaceq
Contributor

Hello. I have had exactly the same problem several times.

The error:

you do not hold privilege "system > read" on folder "datacenters"

I know the exact solution.

It is described in this article - VMware Knowledge Base

The solution is this:

You always need to give an additional permission to your group or user: you need to add your user\group to the permission tab of the "vcenter" object and give it the "read-only" role.

Even if you add your user to the built-in administrators group, you also need to add your user to the vcenter object and assign the "read-only" role without propagation.

Let me give you one more example.

Suppose you want to add the administrator role on some particular VM for user A.

You need to do two steps.

1. Edit the permission tab for the VM and add user A with the role "Administrator"

2. Edit the permission tab for the vcenter object and give the "read-only" role without propagation

If you don't do step 2, you cannot even log in to vcenter via user-A.

One more: if you add user-B to the built-in administrators (vsphere.local) group, such a user will have almost the administrator role.

You will get "you do not hold privilege "system > read" on folder "datacenters"" if you click Home - vcenter server settings.

To avoid this, even for user-B you need to do step 2.

Personally I think it is a very stupid thing, but it is what it is.

Hope it helps people.

0 Kudos
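The two-step grant described in the last reply, written as an added PowerCLI example (it is not code from the thread or from VMware). The server name, principal and VM name are placeholders, and it assumes the VMware.PowerCLI module and an account that is allowed to change permissions.

```powershell
# Added example: all three values below are placeholders.
$Server    = 'vcenter.example.local'   # placeholder vCenter address
$Principal = 'EXAMPLE\user-a'          # placeholder user or group
$VmName    = 'example-vm'              # placeholder VM name

Connect-VIServer -Server $Server | Out-Null

# The first node of the inventory tree is the root folder ("Datacenters").
$root = Get-Folder -NoRecursion

# Audit first: is there already a permission defined directly on the root
# node for this principal? Inherited entries are filtered out by EntityId.
$onRoot = Get-VIPermission -Entity $root -Principal $Principal -ErrorAction SilentlyContinue |
    Where-Object { $_.EntityId -eq $root.Id }

if ($onRoot) {
    Write-Host "Already on root: role=$($onRoot.Role) propagate=$($onRoot.Propagate)"
} else {
    # Step 2 from the reply: ReadOnly on the root node WITHOUT propagation,
    # so the grant does not flow down to every datacenter below it.
    New-VIPermission -Entity $root -Principal $Principal `
        -Role (Get-VIRole -Name 'ReadOnly') -Propagate:$false | Out-Null
}

# Step 1 from the reply: the actual working role, scoped to one object only.
$vm = Get-VM -Name $VmName
$onVm = Get-VIPermission -Entity $vm -Principal $Principal -ErrorAction SilentlyContinue |
    Where-Object { $_.EntityId -eq $vm.Id }
if (-not $onVm) {
    New-VIPermission -Entity $vm -Principal $Principal `
        -Role (Get-VIRole -Name 'Admin') -Propagate:$true | Out-Null
}

# Review the result: every permission this principal now holds, and where.
Get-VIPermission -Principal $Principal |
    Select-Object Entity, Role, Propagate |
    Sort-Object Entity |
    Format-Table -AutoSize

Disconnect-VIServer -Server $Server -Confirm:$false
```

The final table is the part worth keeping in a change record: it should show ReadOnly with Propagate False on the root folder and the administrative role only on the object it was meant for.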