I had a similar problem. There were several groups that had been created using an old LDAP identity. I had orphaned groups in vCenter and could not delete them.
Steps Performed in vCenter 5.5:
Logged into vcenter
Top level (root object)
Permissions tab
Right-Click Group -> Delete
Error: (Call "AuthorizationManager.RemoveEntityPermission" for object "AuthorizationManager" on vCenter Server )
Attempted to restore original LDAP connection
Logged into vSphere Web-client
Click Administration -> Configuration -> Add Identity source
Follow steps to reconstruct source
Attempted deletion of groups, failed
Resolution:
Logged into SQL server
Open MSSMS
Expand databases
Expand vCenter Database
Expand tables
Right-click dbo.VPX_ACCESS
Select Top 100 Rows
Check if the accounts or groups are present in the PRINCIPAL column
MAKE SURE YOU HAVE BACKED UP YOUR DATABASE PRIOR TO ANY CHANGES.
MAKE SURE THAT YOU ARE DELETING THE CORRECT ACCOUNT, THERE IS NO WAY TO RECOVER THE ACCOUNT WITHOUT A PROPER BACKUP/RESTORATION.
Single Account/Group
DELETE FROM [VMware].[dbo].[VPX_ACCESS] where PRINCIPAL='USER-OR-GROUP-TO-DELETE';
Multiple
DELETE FROM [VMware].[dbo].[VPX_ACCESS] where PRINCIPAL LIKE 'USER-OR-GROUP-TO-DELETE';
Restart Windows services
VMware vCenter Inventory Service
VMware VirtualCenter Server
VMware VirtualCenter Management Webservices
Log back into the vCenter
Check that the account or group was removed from the permissions tab
Note
I can't stress enough a proper and full backup prior to any mayor changes to your database.
Hope it help!
Thank you
