VMware Cloud Community
sfont3n
Enthusiast
Enthusiast
‎03-13-2008 07:27 AM

VC rights

trying to create a roll where a group of users are just able to power on, reset, and turnoff vms. also would like these users to be able to attach there cdrom from there pc to the vm. does anyone know exactly which rights the need to attach local cd-rom to vm?

0 Kudos
27 Replies
LarsLiljeroth
Expert
Expert
‎03-13-2008 08:34 AM

That is the "Virtual Machine User" That one has these previledges

Power On

Power OFF

Suspend

Reset

Answer Questions

Console

Device connection

Configure CD

Configure Floppy

Tools install

Just what you listed... Smiley Wink you can off course make your own role and take out some of the priviledges.

br

lars

If you found this information usefull please award points.

// Lars Liljeroth -------------- *If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!
0 Kudos
sfont3n
Enthusiast
Enthusiast
‎03-13-2008 08:43 AM

nope

get permission to perform this operation was denied

0 Kudos
LarsLiljeroth
Expert
Expert
‎03-13-2008 08:53 AM

Hmm works fine for me..

Did you set these on the host or on the Vms ?

Since these priviledges are pure VM Guest rights make sure to set these on the VMs. In the Vitual machine and template view. We set it on a folder there and then add VM's in here...

// Lars Liljeroth -------------- *If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!
0 Kudos
mike_laspina
Champion
Champion
‎03-13-2008 08:57 AM

What groups and roles are applied to the object, you may be experiancing a permissions override at the object level.

http://blog.laspina.ca/ vExpert 2009
0 Kudos
sfont3n
Enthusiast
Enthusiast
‎03-13-2008 08:59 AM

what i have is 4 datacenters

in one of the datacenters there is cluster a and cluster b

i want this rights to apply to certain users and only aplly it to cluster b because thoes users only need to see cluster b

0 Kudos
KJPettersson
Contributor
Contributor
‎03-13-2008 09:01 AM

Try to create a group with Read only access and no Propagate on the "root" object in VC (Host and clusters view).

edit

(And ofcourse add the users to the group Smiley Happy

0 Kudos
mike_laspina
Champion
Champion
‎03-13-2008 09:06 AM

No don't do that! We don't know how it is setup yet.

Let's find out what is configured first.

http://blog.laspina.ca/ vExpert 2009
0 Kudos
hicksj
Virtuoso
Virtuoso
‎03-13-2008 09:10 AM

Fully agree with Mike!

KJP - WHY would you suggest this? What are you trying to accomplish?

0 Kudos
sfont3n
Enthusiast
Enthusiast
‎03-13-2008 09:14 AM

i am trying this with a test account

i gave my test account read only at the object layer of the cluster within the datacenter and still no luck

0 Kudos
KJPettersson
Contributor
Contributor
‎03-13-2008 09:16 AM

to solve the problem with "premission denied" when you add userright "virtual machine user" and tty to mount the cdrom on an vm.

is there any other way?? (belive this is an BUG in VC..)

i got it from this post org... http://communities.vmware.com/message/862964#862964

0 Kudos
dpomeroy
Champion
Champion
‎03-13-2008 09:24 AM

There are some permission related bugs in VC 2.5. One fix we got from VMware Support that resolved (some) of our issues is to apply the role "Virtual Machine Power User" at the "Host and Clusters" folder level for the group in question. MAKE SURE to uncheck the propagate permissions box, you only want this to apply on the hosts and clusters folder.

Don Pomeroy

VMware Communities User Moderator

0 Kudos
mike_laspina
Champion
Champion
‎03-13-2008 09:26 AM

Do you have any builtin groups assigned to your objects that are inheriting rights? Like the users group.

You need to keep in mind that if a user is a member of two groups then the roles are unioned and then applied. These can be overriden at the object level.

http://blog.laspina.ca/ vExpert 2009
0 Kudos
KJPettersson
Contributor
Contributor
‎03-13-2008 09:28 AM

Yep, thats the way i had to solved it, only i used the "Read-Only" role, works fine so far.

0 Kudos
dpomeroy
Champion
Champion
‎03-13-2008 09:30 AM

Thats interesting, did you get "read only" from VMware Support, or your own trial and error?

Don Pomeroy

VMware Communities User Moderator

0 Kudos
KJPettersson
Contributor
Contributor
‎03-13-2008 09:34 AM

see last post at link i posted, he added read-only rights so i did the same thing

0 Kudos
mike_laspina
Champion
Champion
‎03-13-2008 09:39 AM

Hello,

I'm not saying it is wrong. We just need to know what's there before changing it. Rights can disable everything if not applied carefully.

I have had to do a simmilar change on mine.

http://blog.laspina.ca/ vExpert 2009
0 Kudos
sfont3n
Enthusiast
Enthusiast
‎03-13-2008 10:02 AM

resolved

0 Kudos
KJPettersson
Contributor
Contributor
‎03-14-2008 05:31 AM

What did you do to solve it?

0 Kudos
KJPettersson
Contributor
Contributor
‎03-14-2008 05:31 AM

What did you do to solve it?

0 Kudos