Is it correct that one cannot create a local Group in 5.1? Return when I try to do so is:
Create Group Error
The operation is not supported on the object.
Call "HostLocalAccountManager.CreateGroup" for object "ha-localacctmgr" on ESXi "..." failed.
This is the case on a clean install of 5.1 as well.
As it stands the local Group that I had previously created on 5.0 still exists if I do an upgrade to 5.1 and each User whom was added as a member of such prior to upgrading to 5.1 can log in to the host as the local Group was given "Administrator" as its Role.
What am I missing?
"Deprecated. As of vSphere API 5.1, local user groups are not supported and group specific methods will throw NotSupported."
Hadn't had the opportunity yet to read deep into the 5.1 documentation but came back to the office tonight to do so. There's the answer to this.
Is there some method that is replacing groups? In other words, if we wants a group of VMs to be assigned to a group of users, how do we accomplish this with 5.1 if the API no longer supports it?
Thank you for your prompt reply.
We had a similar situation. We use a local account on the host to allow the monitoring system to login and grab metrics. Before, we'd just put the user in the readonly group when we created the user. The work-around -- which may or may not suit your needs -- was to create the user without a group, then pop over to the Permissions tab and grant the 'Read-only' role to that new user. The difference is just that we're not using the group membership to make it read-only, we're setting the permissions on the user itself.
Hope this helps.
For those not using Active Directory as an authentication / group mechanism, any idea if the ability to create local groups may be reintroduced with future updates. The temporary solution of specifying permissions on an individual basis is not appealing and could lead to a permission management nightmare for groups or small IT shops not using Active Directory. If groups are not to be used in subsequent updates perhaps the removal of the feature in the vsphere client would be a viable suggestion? Please advise.