We have couple "DataCenters" in the VCenter.
I hold full administrative rights on my.
All work fine except of i can't add users and create alarms
following error occur
you do not hold privilege "system > read" on folder "data centers"
Any directions when to start investigate?
My user added to Administrator built in role on certain data center.
I able to do all administration task except alarms and add users.
I try to look into system log > "You do not have privileges to view this page"
The first node on the top/left.
You say that you have multiple datacenters under it, but you have to set also some permissions (RO role) on the first node.
Today I've got this error in my DC environment and this trouble was because username of user in vCenter matches with newly joined host in DC.
It shows global administrator premissions in DC permission tab, but has no effect in result.
Deleting old username was fixed my trouble.
hello . i have had several times exactle the same problem
the error - "
I know the exact solution.
it is described in this article - VMware Knowledge Base
the solution is that :
you always need to give additional permision to your group or user, - you need to add your user\group to permission tab in object "vcenter"
and give the role "read-only".
even if you add your user to built-in group administrators you also need to add your user to vcenter object and assign "read-only" role withour
let me give you one more example.
suppose you want to add administraor role for some particular VM for a user A.
you need to do two steps.
1. edit permission tab for VM and add user A with role "Administrator"
2. edit permission tab for vcenter object and give "read-only" role without propagation
if you dont do step 2 you cannnot even login to vcenter via user-A
one more. if you add user-B to built-in administrators (vsphere.local) group, such user will have almost administrator role.
you will get "you do not hold privilege "system > read" on folder "datacenters" " if you click Home - vcenter server setings.
To avoid this even for user-B you need to make step 2.
personally i think it is a very stupid thing but it is what it is.
hope it helps people.