3 Replies Latest reply on Jan 26, 2020 11:16 PM by kRontti

    VMmark 3.1.0 - vCenter Server permission

    kRontti Lurker

      Hello.

       

      We're trying to run some tests with VMmark, but we have problems with vCenter user permissions. vCenter is controlled by 3rd party provider and we have limited access to vCenter (ex. we don't have access to vCenter Users and Groups), but they are willing to add more permissions if we know what to ask.

       

      [main] INFO MAIN: Logging Into vCServer: <vcenter-server>

      [main] DEBUG MAIN : https://<vcenter-server>/sdk 1 [main] ERROR com.vmware.vim25.ws.WSClient - Exception caught while invoking method: Login com.vmware.vim25.NoPermission: Permission to perform this operation was denied.

       

      What permissions VMmark 3.1.0 needs from vCenter user? Is it possible to run VMmark without full vCenter Administrator privileges?

       

       

      -Kalle

        • 1. Re: VMmark 3.1.0 - vCenter Server permission
          fredab2 Enthusiast
          VMware Employees

          Kalle,

           

          I am looking into this and trying to test vCenter permissions other than administrator that will be successful for VMmark3 deployement.

           

          Fred

          • 2. Re: VMmark 3.1.0 - vCenter Server permission
            fredab2 Enthusiast
            VMware Employees

            Yes it is possible to run VMmark3 without full Administrator permissions.  We have run it in AWS Cloud environment with the provided CloudAdmin privileges.  Below I have provided those privileges for that are set for that role.  However, even though I am sure all the ones provided aren't needed.  You could start with the role privileges provided below and eliminate privileges, but at this time I don't have a better answer for you.  I will bring up this issue with the VMmark team about identifying only those role privileges needed versus administrator role for a future release or improvement.

             

             

            CloudAdmin role privileges:

             

            Alarms

            ·        -Acknowledge alarm

            ·        -Create alarm

            ·         -Disable alarm action

            ·        -Modify alarm

            ·        -Remove alarm

            ·        -Set alarm status

            Permissions

            ·        -Modify permission

            ·        -Modify role

            Certificate Management

            ·        -Create/Delete (below Admins priv).

            Cns

            ·          -Searchable

            Compute Policy

            ·        -Create and Delete Compute Policy

            Content Library

            ·        -Add library item

            ·        -Check in a template

            ·        -Check out a template

            ·        -Create local library

            ·        -Create subscribed library

            ·        -Delete library item

            ·        -Delete local library

            ·        -Delete subscribed library

            ·        -Download files

            ·        -Evict library item

            ·        -Evict subscribed library

            ·        -Import storage

            ·        -Probe subscription information

            ·        -Read storage

            ·        -Sync library item

            ·        -Sync subscribed library

            ·        -Type introspection

            ·        -Update configuration settings

            ·        -Update files

            ·        -Update library

            ·        -Update library item

            ·        -Update local library

            ·        -Update subscribed library

            ·        -View configuration settings

            Datastore

            ·        -Allocate space

            ·        -Browse datastore

            ·        -Configure datastore

            ·        -Low level file operations

            ·        -Remove file

            ·        -Update virtual machine files

            ·        -Update virtual machine metadata

            Extension

            ·        -Register extension

            ·        - Unregister extension

            ·        - Update extension

            Folder

            ·        -Create folder

            ·        -Delete folder

            ·        -Move folder

            ·        -Rename folder

            Global

            ·        -Cancel task

            ·        - Global tag

            ·        -Health

            ·        -Log event

            ·        -Manage custom attributes

            ·        -Service managers

            ·        -Set custom attribute

            ·        -System tag

            Hybrid Linked Mode

            ·        -Manage

            Host

            ·        -vSphere Replication

            o          -Manage replication

            vSphere Tagging

            ·        -Assign or Unassign vSphere Tag

            ·        -Assign or Unassign vSphere Tag on Object

            ·        -Create vSphere Tag

            ·        -Create vSphere Tag Category

            ·        -Delete vSphere Tag

            ·        -Delete vSphere Tag Category

            ·        -Edit vSphere Tag

            ·        -Edit vSphere Tag Category

            ·        -Modify UsedBy Field For Category

            ·        -Modify UsedBy Field For Tag

            Network

            ·        -Assign network

            Resource

            ·        -Apply recommendation

            ·        -Assign vApp to resource pool

            ·        -Assign virtual machine to resource pool

            ·        -Create resource pool

            ·        -Migrate powered off virtual machine

            ·        -Migrate powered on virtual machine

            ·        Modify resource pool

            ·        -Move resource pool

            ·        -Query vMotion

            ·        -Remove resource pool

            ·        -Rename resource pool

            Scheduled task

            ·        -Create tasks

            ·        -Modify task

            ·        -Remove task

            ·        -Run task

            Sessions

            ·        -Message

            ·        -Validate session

            Profile-driven storage

            ·        -Profile-driven storage update

            ·        -Profile-driven storage view

            Storage views

            ·        -View

            VcTrusts/VcIdentity

            ·        -Create/Update/Delete (below Admins priv).

            vApp

            ·        -Add virtual machine

            ·        -Assign resource pool

            ·        -Assign vApp

            ·        -Clone

            ·        -Create

            ·        -Delete

            ·        -Export

            ·        -Import

            ·         -Move

            ·        -Power off

            ·        -Power on

            ·        -Rename

            ·        -Suspend

            ·        -Unregister

            ·        -View OVF environment

            ·        -vApp application configuration

            ·        -vApp instance configuration

            ·        -vApp managedBy configuration

            ·        -vApp resource configuration

            Virtual machine

            ·        -Change Configuration

            o      --Acquire disk lease

            o      --Add existing disk

            o     --Add new disk

            o     --Add or remove device

            o     --Advanced configuration

            o     --Change CPU count

            o     --Change Memory

            o     --Change Settings

            o     --Change Swapfile placement

            o     --Change resource

            o     --Configure Host USB device

            o     --Configure Raw device

            o     --Configure managedBy

            o     --Display connection settings

            o     --Extend virtual disk

            o     --Modify device settings

            o     --Query Fault Tolerance compatibility

            o     --Query unowned files

            o     --Reload from path

            o     --Remove disk

            o     --Rename

            o     --Reset guest information

            o     --Set annotation

            o     --Toggle disk change tracking

            o     --Upgrade virtual machine compatibility

            ·        -Edit Inventory

            o     --Create from existing

            o     --Create new

            o     --Move

            o     --Register

            o     --Remove

            o     --Unregister

            ·        -Guest operations

            o     --Guest operation alias modification

            o     --Guest operation alias query

            o     --Guest operation modifications

            o     --Guest operation program execution

            o     --Guest operation queries

            ·        -Interaction

            o     --Answer question

            o     --Backup operation on virtual machine

            o     --Configure CD media

            o     --Configure floppy media

            o     --Connect devices

            o     --Console interaction

            o     --Create screenshot

            o     --Defragment all disks

            o     --Drag and drop

            o     --Guest operating system management by VIX API

            o     --Inject USB HID scan codes

            o     --Install VMware Tools

            o     --Pause or Unpause

            o     --Perform wipe or shrink operations

            o     --Power off

            o     --Power on

            o     --Reset

            o     --Suspend

            ·        -Provisioning

            o     --Allow disk access

            o     --Allow file access

            o     --Allow read-only disk access

            o     --Allow virtual machine download

            o     --Allow virtual machine files upload

            o     --Clone template

            o     --Clone virtual machine

            o     --Create template from virtual machine

            o     --Customize guest

            o     --Deploy template

            o     --Mark as template

            o     --Mark as virtual machine

            o     --Modify customization specification

            o     --Promote disks

            o     --Read customization specifications

            ·       -Service configuration

            o     --Allow notifications

            o     --Allow polling of global event notifications

            o     --Manage service configurations

            o     --Modify service configuration

            o     --Query service configurations

            o     --Read service configuration

            ·       -Snapshot management

            o     --Create snapshot

            o     --Remove snapshot

            o     --Rename snapshot

            o     --Revert to snapshot

            ·       -vSphere Replication

            o     --Configure replication

            o     --Manage replication

            o     --Monitor replication

            vSAN

            ·        -Cluster

            o      ---ShallowRekey

            vService

            ·        -Create dependency

            ·        -Destroy dependency

            ·        -Reconfigure dependency configuration

            ·        -Update dependency

             

             

             

            • 3. Re: VMmark 3.1.0 - vCenter Server permission
              kRontti Lurker

              Thanks for Your answer, we'll try with those.

               

               

              -Kalle