Hey there,
I'm struggling with the requirements to set up a user that should see (and ideally only see!) two VMs created in a subfolder of a datacenter with the Web Client and PowerCLI.
I set up a local user (vsphere.local) and tested a few things,
this is the current structure I'm dealing with:
vCenter Permission: read-only (not propagated to children)
- Datacenter Permission: read-only (not propagated to children)
- Cluster Permission: read-only (not propagated to children)
- Folder Permission: read-only (propagated to children)
- VM Permission: no specific permission given because of rights propagation
When logging on to the vCenter everything is fine and I see the VMs, but doing so with PowerCLI (e.g. Get-VMHost, Get-VM) do not work, the result set is always empty.
What is the minimum requirement needed for a user to be able to see only the contents of this specific folder, both with the Web Client (HTML5 or Flash) and PowerCLI?
vCenter is v6.5, PowerCLI is v6.3 (I don't recall the exact version). Anyone else experiencing this issue? Or anyone else has an idea, possibly?
Thanks!
NC
PowerCLI version mentioned is very old, please try with latest version. NGC seems to working correctly.
Regards
Lokesh
Hi LokeshHK,
unfortunately, that did not solve my issue.
Also, when logging on as the SSO Admin I'm able to see all data as permitted, both old and new PowerCLI version.
So again I have to ask, what minimum permission set is required in order for a user to only see VMs in one specific folder and above that nothing else (except required items)?
Thanks
NC
Minimum permission required to view any object in inventory is Read-Only and Permission assignment seems to be correct though but I have question. How did you manage to create Folder under cluster?
vCenter Permission: read-only (not propagated to children)
- Datacenter Permission: read-only (not propagated to children)
- Cluster Permission: read-only (not propagated to children)
- Folder Permission: read-only (propagated to children)
- VM Permission: no specific permission given because of rights propagation
If the Folder means resource-pool then use power-cli command like below
"Get-VM -location <folderName>"
or else
1) At Datacenter create "VM and Template" folder.
2) Put desired VM's in to that folder.
3) Grant Read-only permission on the folder with propagation true.
Regards
Lokesh
Hi LokeshHK,
I have full access with the default SSO Administrator account, hence I created a simple VM-folder and assinged the user permissions with this Admin user.
This really is a folder, it is not a Ressource Pool.
Best regards
NC