0 Replies Latest reply on Aug 29, 2009 6:06 AM by MichelNL

    VC permissions / roles conflict

    MichelNL Lurker

      Hi there,

       

      I wan't something very easy but I can't get it done.

       

      I've ESX3.5 with VC2.5.

      In VC there is a datacenter with several subfolders.

       

      Want I want is the following:

      - user authentication based on MS AD server (got that part working)

      - users in group A can see folder A but not folder B

      - users in group A and B can see both folders.

       

      I've made the folders in VC but now the hard part...

      - Group A is VM admin on folder A. This is working. Users can do anything in folder A and can't see folder B.

      - When creating a VM the user isn't able to select a esx cluster cause of a limitations of rights. I can imagine that, because the user is VM admin on Folder A and not on the datacenter.

      - So, I've created a new role "create_vm", with only the rights to create a VM. Every group has this right now on the datacenter.

      - The problem is, users can see now not only their on folder, but al of the folders in VC. (because of the create_vm role)

       

      Simple fix:

      Group A and Group B, create_vm role on datacenter

      Group A VM admin role on Folder A

      Group B vm admin role on Folder B

      Group A no access role on Folder B

      Group B no acces role on Folder A

       

      But the problem now is that I've got users that need to be member of Group A and B.

      But then they can't see anything (because of the no access).

       

      Can someone give a bit of help with this?

       

      Thanks in advance!

       

      Kind regards.