Hi,
someone just asked me where to find the Profile Driven Storage privileges documented here:
VM Storage Policies Privileges (vmware.com)
On a vCenter 7.0 we found them, but in vCenter 8.0U1 we don't find this. Because we want to create a role for a Veeam user...
Did we miss something?
Kind regards
Stefan
Hi Ben,
but what must be selected if I need:
Profile-driven storage.Profile-driven storage update
Profile-driven storage.Profile-driven storage view
In the past there were these 2 privileges, now I see 7 there... Which of these 7 are the correct ones, which reflect the two above?
If I should guess, I would say:
Update VM storage policies
View VM storage policies
But I need this for sure... On the other hand, I already told our Veeam specialist that the best thing will be to open a case at Veeam; they must say which is now the correct one.
Kind regards
Stefan
Hi Stefan,
from my tests this should be exactly these permissions, correct.
But if you want to be 100% sure, a ticket would certainly be helpful.
BR Ben
As mentioned by others, Profile Driven Storage has indeed been renamed to VM Storage Policies in the UI (between 7.x and 8.x).
Interestingly, I've always referred to it as VM Storage Policies as it applies to VMs, but I do recall the underlying capability/feature was more generic when it was introduced, and I suspect that is where the term originated.
Furthermore, we also introduced a few more granular privileges for VM Storage Policies rather than uber view and update, but these were somehow missed in the documentation (this is already a known issue and I saw a note from the docs team that they already have this on their radar to update).
Fortunately, from an API point of view as well as the privilege names, they don't actually change and we most likely kept the original ones for backwards compatibility purposes.
You can continue to use "Update VM storage policies" (StorageProfile.Update) which maps to the original "Profile-driven storage update" and "View VM storage policies" (StorageProfile.View) which maps to the original "Profile-driven storage view". If you want to take advantage of the fine-grain permissions (again, this will depend on the vendor in this case Veeam on what they absolutely need) but in the new model:
and depending on whether they need to view the container mappings and/or permissions, then you can apply the additional two privileges:
As you can probably guess from the granular breakdown, this will allow users to consume VM Storage Policies without necessarily making changes to the policies themselves, whereas today, anyone with the "Update" would be able to not only change the policy but even create or delete existing policies, which certainly wasn't ideal, and the change here was not only on the naming but to provide further granular functionality for managing VM Storage Policies.
Thank you very much for that detailed answer!
Here's a more detailed analysis and implication of these changes https://williamlam.com/2023/06/improved-vm-storage-policy-profile-driven-storage-privileges-in-vsphe...