Unable to perform RBAC for vCenter

Asked Aug 10 '16 at 12:38

Active Aug 10 '16 at 12:38

Viewed 31 times

I have added the vCenter to the AD, and I am able to retrieve groups. We have a Datacenter which has about 7 ESXi hosts. I'd like to slice these hosts, in such a way that a few users are granted access to only a few hosts when they login to vCenter.

I've shown what the schema looks like. I would like users to receive Admin privileges ONLY on the ESXi host that they've been granted access to. To do this, I have done the following:

On top most gspsec-vcenter, I added the user and given Admin privilege but Propagate to Child Objects is unchecked.
On GSPSEC datacenter, I added the user and given Admin privilege but Propagate to Child Objects is unchecked.
On Cluster cluster, I added the user and given Admin privilege but Propagate to Child Objects is unchecked.
On HOST ESXi host, I added the user and given Admin privilege but Propagate to Child Objects is checked.

So, on the host itself, I have granted admin privilege but I am still unable to see any VMs at all when I login with that user id.

Please assist.

asked Aug 10 '16 at 12:38

stealthmode

Have you looked at the permissions on one of the VM's? – joeqwerty Aug 10 '16 at 14:49
Yeah, I think this is the problem. So, even though I click `propagate for child objects` for the ESXi host, the VMs themselves don't see that the user was defined on a level above. But, in case I define `propagate for child objects` on the the `Cluster` I can see the user on the VM permissions as well. Why is this happening? – stealthmode Aug 10 '16 at 15:48
I see the same problem even if using the vSphere Web Client. – stealthmode Aug 11 '16 at 05:20
(Bump, no reply for 3 days) – stealthmode Aug 14 '16 at 09:18
Still no answers? – stealthmode Sep 18 '16 at 12:20

Unable to perform RBAC for vCenter

0 Answers0