1 Reply Latest reply on Apr 22, 2019 7:12 PM by npadmani

    Can't fully restrict VM access by folder when all VMs are on same host?

    jeffreywmcclain Lurker

      For example, if I assign a user full permissions to "folder1" in "VMs and Templates", they can see folder1 and edit the VMs within it as expected.

      More importantly, they do NOT see "folder2" or "folder3" at the same level as folder1, or the VMs within those other folders, also as expected.

      The previous two statements involve using the drop-down explorer on the left of VMWare.

       

      However, if they manually search for the name of one of the VMs (using the search bar on the upper right) that is NOT within the folder I gave them access to, they somehow can STILL see and edit that VM. My assumption is this is because all the VMs at the "hosts and clusters" level are in the same host, despite being in different folders with different permissions at the "VMs and Templates" level. This does not seem like intended behavior.

       

      The obvious fix would be to just separate the VMs by host as well as folder, but this would be costly. Another potential fix would be to use resource pools, but my manager explicitly stated not to use this approach.

       

      Tl;dr: Is there an easy way to restrict a user's access to VMs in a specific folder in "VMs and Templates", despite all the VM folders being on the same host? Note that in the drop-down explorer on the left of VMWare the other folders aren't visible to the user, but the user can still access the VMs by searching in the upper right for some reason.