Feeds:
Posts
Comments

Archive for the ‘vCenter Permissions’ Category

Problem

We created a datastore that contain ISO files, and we wanted to grant permissions to users in order to attach these ISO files into their virtual machine’s CD-Rom. (in addition to the regular operations as power on/off and managing snapshots).

Solution

In order to do that I created a special Role , below you can find the content of that role.

  • Connect to the vSphere client
  • Go to Home > Role > Add new Role > Snapshots & Connect ISO
  • Check the following permissions:
    • Datastore > Browse datastore
    • Virtual Machine > Configuration > Modify device settings
    • Virtual Machine > Interaction > Configure CD media
    • Virtual Machine > Interaction > Console interaction
    • Virtual Machine > Interaction > Device Connection
    • Virtual Machine > Interaction > Power on
    • Virtual Machine > Interaction > Power off
    • Virtual Machine > State > Create snapshot
    • Virtual Machine > State > Remove snapshot
    • Virtual Machine > State > Rename snapshot
    • Virtual Machine > State > Revert to snapshot
  • Go to Home > VMs and Templates and > Stand on a certain folder > Permissions,  and add this role (Snapshots & Connect ISO) to a user on that path, for example :

            

  • Go to Home > Datastores > Stand on a certain datastore which contains the ISO files (in my example Emcvm-Images2) > Permissions > and add this role to the same user as you added on the folder (Snapshots & Connect ISO) ,for example :

              

  • The user will see as follow (Right click on the virtual Machine > Edit Settings) :

             

Fixed!

Idit.

Read Full Post »

Problem

I wanted to define user’s permissions on both “VMs and Templates” and “Hosts and clusters” for managing a virtual machine.  

Solution

  • First ,created a Role by the name: Snapshot User & Console , which has the following permissions:
  • Virtual machine > Interaction :
    • Console interaction
    • Device connection
    • Power Off
    • Power ON
    • Reset
  • Virtual machine > State :
    • Create Snapshot
    • Remove Snapshot
    • Rename Snapshot
    • Revert to Snapshot
  • Second, go to Home > VMs and Templates , go to the specific folder that I wanted and set the permission to the Role that I created : Snapshot User & Console. For example:  

             

  • Third, go to Home > Hosts and Clusters:
    • In order to clarify the terms , please view the following photo

                            

  • Stand on the datacenter name > Permissions and give the user No Access with Propagate checked .

            

  • Stand on the folder name (below the datacenter – if exist) > Permissions and give the user No Access with Propagate checked . (the same as the picture above.
  • Stand on the cluster name > Permissions and give the user Read Only  without Propagate checked .      

            

  • In case you are using a resource pool, stand on the resource pool > Permissions and give the user Snapshot User & Console (with Propagate checked). In case you are not using resource pools you won’t be need to do anything because the permissions on the machine will be taken automatically from the permissions that you defined in “VMs and Templates”.

                          In case you have a resource pool

                        

                         In case you don’t  have a resource pool

                        

  • The final view that the user will see is as follow:

             

Done!

Yaron & Idit 🙂

Read Full Post »

  • Network > Assign Network
  • Virtual Machine > Configuration > Add or Remove Device
  • Virtual Machine > Configuration > Modify Device Settings
  • Virtual Machine > Interaction > Device Connection

Afterwards do the following:

  • Go to: Home > Hosts and Clusters, on the datacenter level add to the user Read only permissions with propagate. Below the datacenter level change all the objects into No Access with propagate.  
  • Go to: Home > VMs and Templates , on the datacenter level you don’t need to add anything because the permissions already existed from paragraph 1 actions. Below the datacenter level change all the objects into No Access with propagate except for the folder on which you want to grant the user permissions to add network adapter. On that folder give the permissions of the role we have just created.   

Idit.

Read Full Post »

  • Folder > Create Folder
  • Folder > Rename Folder
  • Network > Assign Network
  • Virtual Machine > Inventory > Move

Idit.

Read Full Post »

  • Virtual Machine > Configuration > Change Resource
  • Virtual Machine > Configuration > Memory
  • Virtual Machine > Configuration > Modify Device Settings

Idit.

Read Full Post »

  • Create a new Role in the vCenter server which will include the following:
  • Network > Assign Network
  • Virtual Machine > Configuration > Modify device settings
  • Virtual Machine > Configuration > Interaction > Device Connection

Afterwards from the vSphere client do the following:

  • Go to: Home > Networking and assign the role you have just created on each one of your network labels.
  • Go to: Home > VMs & Templates  and assign the  same role on the proper folder.
  • Go to: Home > Hosts and Clusters, on the datacenter level add to the user Read only permissions without marking propagate. Below the datacenter level change all the objects into No Access with propagate.    

Idit.

Read Full Post »