VMware Cloud Community
RobertFIC
Contributor
Contributor
‎09-12-2012 11:00 AM

Groups missing after upgrade to 5.1 from 5.0 Update01 b623860

I did my first upgrade to 5.1 yesterday on a test system and all that appears to be wrong is this situation.  Anyone have any thoughts?

Preview file
83 KB
Preview file
18 KB
Reply
0 Kudos
5 Replies
RobertFIC
Contributor
Contributor
‎09-13-2012 04:18 PM

Further:

Is it correct that one cannot create a local Group in 5.1?  Return when I try to do so is:

Create Group Error

The operation is not supported on the object.

Error Stack

Call "HostLocalAccountManager.CreateGroup" for object "ha-localacctmgr" on ESXi "..." failed.

This is the case on a clean install of 5.1 as well.

As it stands the local Group that I had previously created on 5.0 still exists if I do an upgrade to 5.1 and each User whom was added as a member of such prior to upgrading to 5.1 can log in to the host as the local Group was given "Administrator" as its Role.

What am I missing?

Reply
0 Kudos
RobertFIC
Contributor
Contributor
‎09-13-2012 10:41 PM

http://pubs.vmware.com/vsphere-51/topic/com.vmware.wssdk.apiref.doc/vim.host.LocalAccountManager.htm...

"Deprecated. As of vSphere API 5.1, local user groups are not supported   and group specific methods will throw NotSupported."

Hadn't had the opportunity yet to read deep into the 5.1 documentation but came back to the office tonight to do so.  There's the answer to this.

Reply
0 Kudos
netarus
Contributor
Contributor
‎01-07-2013 08:23 AM

Is there some method that is replacing groups?  In other words, if we wants a group of VMs to be assigned to a group of users, how do we accomplish this with 5.1 if the API no longer supports it?

Thank you for your prompt reply.

Reply
0 Kudos
snorgy
Contributor
Contributor
‎01-14-2013 03:20 PM

We had a similar situation.  We use a local account on the host to allow the monitoring system to login and grab metrics.  Before, we'd just put the user in the readonly group when we created the user.  The work-around -- which may or may not suit your needs -- was to create the user without a group, then pop over to the Permissions tab and grant the 'Read-only' role to that new user.  The difference is just that we're not using the group membership to make it read-only, we're setting the permissions on the user itself.

Hope this helps.

Reply
0 Kudos
N3wbl3tz
Contributor
Contributor
‎04-22-2013 09:19 AM

For those not using Active Directory as an authentication / group mechanism, any idea if the ability to create local groups may be reintroduced with future updates. The temporary solution of specifying permissions on an individual basis is not appealing and could lead to a permission management nightmare for groups or small IT shops not using Active Directory. If groups are not to be used in subsequent updates perhaps the removal of the feature in the vsphere client would be a viable suggestion? Please advise.

Reply
0 Kudos