I am trying out this community sample to set an encryption policy on my VM. I've created a new user (A) and added it to a new group (Ag). I have assigned all of the privileges below to a new role (Ar):

Cryptographic operations, dvPort group, Distributed switch, Global, Host, Profile-driven storage, Virtual machine

This Ag has access to vCenter with role Ar, and 'propagate to children' is 'True'.

User A is able to encrypt/decrypt the VMs from the vSphere web client and using PowerCLI scripts as well, but whenever I try to perform the same operation from the SDK, it gives the error:

session does not have privilege Cryptographer.Encrypt on entity

The issue is persistent with pyvmomi library versions 6.7.1 and 8.0.0.1.2.

The privileges on the VM are:

 [
         'System.Anonymous',
         'System.View',
         'System.Read',
         'Global.ManageCustomFields',
         'Global.SetCustomField',
         'Global.LogEvent',
         'Global.CancelTask',
         'Global.Licenses',
         'Global.Diagnostics',
         'Global.Settings',
         'Global.VCServer',
         'Global.CapacityPlanning',
         'Global.ScriptAction',
         'Global.Proxy',
         'Global.DisableMethods',
         'Global.EnableMethods',
         'Global.ServiceManagers',
         'VirtualMachine.Config.Rename',
         'VirtualMachine.Config.Annotation',
         'VirtualMachine.Config.AddExistingDisk',
         'VirtualMachine.Config.AddNewDisk',
         'VirtualMachine.Config.RemoveDisk',
         'VirtualMachine.Config.RawDevice',
         'VirtualMachine.Config.HostUSBDevice',
         'VirtualMachine.Config.CPUCount',
         'VirtualMachine.Config.Memory',
         'VirtualMachine.Config.AddRemoveDevice',
         'VirtualMachine.Config.EditDevice',
         'VirtualMachine.Config.Settings',
         'VirtualMachine.Config.Resource',
         'VirtualMachine.Config.UpgradeVirtualHardware',
         'VirtualMachine.Config.ResetGuestInfo',
         'VirtualMachine.Config.ToggleForkParent',
         'VirtualMachine.Config.AdvancedConfig',
         'VirtualMachine.Config.DiskLease',
         'VirtualMachine.Config.SwapPlacement',
         'VirtualMachine.Config.DiskExtend',
         'VirtualMachine.Config.ChangeTracking',
         'VirtualMachine.Config.QueryUnownedFiles',
         'VirtualMachine.Config.ReloadFromPath',
         'VirtualMachine.Config.QueryFTCompatibility',
         'VirtualMachine.Config.MksControl',
         'VirtualMachine.Config.ManagedBy',
         'Cryptographer.ManageKeys',
         'Cryptographer.ManageKeyServers',
         'Cryptographer.ReadKeyServersInfo',
         'Cryptographer.ManageEncryptionPolicy',
         'Cryptographer.Access',
         'Cryptographer.RegisterHost',
         'Cryptographer.EncryptNew',
         'Cryptographer.Encrypt',
         'Cryptographer.Decrypt',
         'Cryptographer.RegisterVM',
         'Cryptographer.Migrate',
         'Cryptographer.Recrypt',
         'Cryptographer.AddDisk',
         'Cryptographer.Clone',
         'StorageProfile.Update',
         'StorageProfile.View'
      ]

  • Faced this issue with the Administrator user to start with.
  • Created another user and added it to the administrator group, but the issue persisted.
  • Performed the same operation with PowerCLI with the same users; it worked correctly.
  • Tried a storage-filter-only policy; was able to assign the same without issues.
  • Created a new user A, group Ag and role Ar with the required permissions, and the issue still persists.

I want to use the pyvmomi SDK to set an encryption policy on VMware VMs.
