VMware Cloud Community
flyerguybham
Contributor

ESXi 4 single server pool-based permissions for VM creation

We have a single ESXi 4 server, and we want to allow multiple users to each have full control over their own Resource Pool (including VM creation) but not be able to create VMs in other people's pools. We created a Role called Resource Pool Administrator modeled after the role of the same name that can be found in vCenter. However, when a user who is granted the Resource Pool Administrator role on a resource pool tries to create a VM in this resource pool, it complains that "User does not have the privilege 'Virtual Machine > Inventory > Create New' on the Host."

Ideally, the user would only need that privilege on their own pool, which is how we set up the role. We don't want them to be able to create VMs outside of their own pool. Is this possible on ESXi 4 single server?

4 Replies
ShaneWendel
Enthusiast

Did you make sure to check the box to propagate the permissions?

Shane Wendel, VCP

flyerguybham
Contributor

Yes, propagation is enabled, but that would only affect permissions for -child- objects of the level at which the role was granted, right? The structure is:

Host
    Resource Pool #1   <---- user1 granted the role Resource Pool Administrator here, with propagation
    Resource Pool #2

Unfortunately, user1 cannot create VMs in Resource Pool #1, with the reason given that he does not have privilege Virtual Machine > Inventory > New at the Host level. I would have thought that if role Resource Pool Administrator has permission to create a VM, and user1 is granted that role at Resource Pool #1, then user1 would be able to create VMs underneath Resource Pool #1. Unfortunately, that does not seem to be the case. And obviously, if I grant user1 the privilege Virtual Machine > Inventory > New at the Host level, that would mean he could create VMs anywhere, which is exactly what we are trying to avoid.

Thanks,

Fran

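The behaviour Fran describes (a propagating role on Resource Pool #1 that still fails the "Create New" check on the Host, and a Host-level grant that opens every pool) can be reproduced with a small model of propagating permissions over the inventory tree. This is an added example written for this thread, not VMware code and not a pyVmomi or PowerCLI call; the `Entity`, `Permission` and `Inventory` classes, the role name reused from the thread, and the rule that VM creation is checked on both the target pool and the Host (as the quoted error message reports) are assumptions of the model.

```python
"""Model of propagating permissions on a Host -> Resource Pool inventory.

Added example for this thread; not VMware code. Assumptions: a privilege
check on an entity passes if a permission granting it sits on that entity,
or on an ancestor with propagation on; creating a VM in a pool is checked
on the pool and on the Host (the thread's error message names the Host).
"""
from dataclasses import dataclass, field

# Privilege named in the error message quoted in the thread.
CREATE_NEW = "Virtual Machine > Inventory > Create New"


@dataclass(eq=False)  # identity comparison: entities are tree nodes
class Entity:
    name: str
    parent: "Entity | None" = None
    children: list["Entity"] = field(default_factory=list)

    def add(self, name: str) -> "Entity":
        child = Entity(name, parent=self)
        self.children.append(child)
        return child

    def lineage(self) -> list["Entity"]:
        """This entity followed by its ancestors up to the root (the Host)."""
        node, out = self, []
        while node is not None:
            out.append(node)
            node = node.parent
        return out


@dataclass
class Permission:
    principal: str
    role: str
    entity: Entity
    propagate: bool


class Inventory:
    def __init__(self) -> None:
        self.roles: dict[str, frozenset[str]] = {}
        self.permissions: list[Permission] = []

    def define_role(self, name: str, privileges: set[str]) -> None:
        self.roles[name] = frozenset(privileges)

    def grant(self, principal: str, role: str, entity: Entity, propagate: bool = True) -> None:
        self.permissions.append(Permission(principal, role, entity, propagate))

    def has_privilege(self, principal: str, privilege: str, entity: Entity) -> bool:
        """True if a permission on `entity`, or on an ancestor with propagation, grants it."""
        for perm in self.permissions:
            if perm.principal != principal or privilege not in self.roles[perm.role]:
                continue
            if perm.entity is entity:
                return True  # granted directly on this object
            if perm.propagate and perm.entity in entity.lineage()[1:]:
                return True  # inherited from an ancestor that propagates
        return False

    def can_create_vm(self, principal: str, pool: Entity) -> tuple[bool, str]:
        """Assumed rule: creation is checked on the pool and on the Host (root)."""
        host = pool.lineage()[-1]
        for target in (pool, host):
            if not self.has_privilege(principal, CREATE_NEW, target):
                return False, f'{principal} does not have the privilege "{CREATE_NEW}" on {target.name}'
        return True, "ok"


def thread_scenario() -> dict[str, tuple[bool, str]]:
    """Replay the two situations described in the thread, in order."""
    host = Entity("Host")
    rp1, rp2 = host.add("Resource Pool #1"), host.add("Resource Pool #2")
    inv = Inventory()
    inv.define_role("Resource Pool Administrator", {CREATE_NEW})

    results: dict[str, tuple[bool, str]] = {}
    # Step 1: the original setup, role on RP#1 only, with propagation.
    inv.grant("user1", "Resource Pool Administrator", rp1, propagate=True)
    results["rp1 grant -> create in RP#1"] = inv.can_create_vm("user1", rp1)
    # Step 2: add the role on the Host with propagation; RP#2 opens up as well.
    inv.grant("user1", "Resource Pool Administrator", host, propagate=True)
    results["host grant -> create in RP#1"] = inv.can_create_vm("user1", rp1)
    results["host grant -> create in RP#2"] = inv.can_create_vm("user1", rp2)
    return results


if __name__ == "__main__":
    for case, (ok, why) in thread_scenario().items():
        print(f"{case}: {'allowed' if ok else 'denied'} ({why})")
```

Propagation only flows downward, so a permission on Resource Pool #1 never reaches the Host, which is why the pool-level grant fails the Host-side check in this model; and once the Host carries a propagating grant, every pool under it inherits the privilege, which is the over-grant the thread wants to avoid.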
dstrang
Contributor

Fran -

Have you made any progress on this? I'm stuck with the same issue myself.

In fact, even if I grant Create New on the host, I still get the same error unless I propagate the permission across the entire server (despite it being set already on my target resource pool).

Regards,

David

flyerguybham
Contributor

David,

We fought with it a little bit more and eventually gave up. Our "solution" was to give everyone admin rights to all resource pools, and enforce policy verbally within the group. Less than ideal to be sure, but we could not get it to function the way we wanted it to.

If you happen to resolve it, please post to this thread. Thanks!

-Fran
