I wan't something very easy but I can't get it done.
I've ESX3.5 with VC2.5.
In VC there is a datacenter with several subfolders.
Want I want is the following:
- user authentication based on MS AD server (got that part working)
- users in group A can see folder A but not folder B
- users in group A and B can see both folders.
I've made the folders in VC but now the hard part...
- Group A is VM admin on folder A. This is working. Users can do anything in folder A and can't see folder B.
- When creating a VM the user isn't able to select a esx cluster cause of a limitations of rights. I can imagine that, because the user is VM admin on Folder A and not on the datacenter.
- So, I've created a new role "create_vm", with only the rights to create a VM. Every group has this right now on the datacenter.
- The problem is, users can see now not only their on folder, but al of the folders in VC. (because of the create_vm role)
Group A and Group B, create_vm role on datacenter
Group A VM admin role on Folder A
Group B vm admin role on Folder B
Group A no access role on Folder B
Group B no acces role on Folder A
But the problem now is that I've got users that need to be member of Group A and B.
But then they can't see anything (because of the no access).
Can someone give a bit of help with this?
Thanks in advance!