10 Replies Latest reply on Nov 19, 2019 1:56 AM by unilab

    Adding Permission to an object throws the error

    l1ghtman Lurker

      We have recently upgraded our vCenter from 6.0 to 6.7, build 11727113. After the upgrade, we have experienced what seems to be a bug regarding assigning privileges to objects like VMs, or folders on vCenter.


      My user is a part of a group 'Administrators', which has global Administrator Permissions.

      The problem I am experiencing right after the upgrade is when I try to add permissions to a local vCenter user using my administrator account, I get the following error:

      "The requested change cannot be completed because it could leave the system without full administrative privileges for a user or group."

      After doing a bit of googling I stabled on this only post that addresses the error: VMware Knowledge Base

      From what it seems like, it has nothing to do with the issue I have, since I am not trying to do anything with users that have global Permissions, I am just trying to give some permissions to the newly created user on vCenter. This makes infrastructure virtually unusable, and the only right way I see it to just reinstall vCenter(which will require downtime, that I would really like to avoid) which might not even solve the issue.


      My colleague has recently tried to reproduce the issue with the same vCenter, and he didn't have the same issue. So the issue might be exactly during the upgrade process and not fresh install



      What we found different, is that global permissions on our infrastructure currently look something like this:

      Image Pasted at 2019-3-23 02-27.png


      And this is what fresh install looks like:

      Image Pasted at 2019-3-23 02-28.png

      We have used Migrate to the vCenter Server Appliance - VMware vSphere Blog  to migrate