ESXi

 View Only
  • 1.  Bug in role?

    Posted Nov 27, 2009 05:04 AM

    Hi all,

    I create a user group "labuser" and assign it "Virtual Machine Power User (example)".

    So, create a user1 as labuser member. When I try to create a VM it's denied as "Need to assign Allocate Resource to VM", so I did.

    After that, user1 can create VM no problem, however it goes too smoothly. I notice as user1, I can act as if I'm administrator. I can edit Roles. Eventhough I shouldn't have the permission (it's untick). I'm suspecting if it's a bug. Pls let me know if you need more info.



  • 2.  RE: Bug in role?

    Posted Nov 30, 2009 08:58 PM

    Hello,

    Are you trying to set this on the Host or via vCenter. Also is the labuser part of any groups such as Administrator.


    Best regards,
    Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

    Virtualization Practice Analyst[/url]
    Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]
    Also available 'VMWare ESX Server in the Enterprise'[/url]
    [url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|
    [url=http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast]Virtualization Security Round Table Podcast[/url]



  • 3.  RE: Bug in role?

    Posted Nov 30, 2009 11:47 PM

    Hi Edward,

    I set it from VC. So the story is:

    I create a group "userlab" on the XP where VC hosted. Then I create user such as user1, user2 as member of userlab group. No, they are not member of administrators.

    Then in VC I give permission to userlab group with Virtual Machine Power User (example).

    One thing that is most visible to me that is strange/buggy is that, as user1, I can change my role (permission) (thus user1 can elevate his permission as administrator). Whereas in the VM Power User (example) role that is clearly unassigned.

    What do you think?



  • 4.  RE: Bug in role?

    Posted Dec 01, 2009 01:07 AM

    To which object are you assigning the role "Virtual Machine Power User (example)"?

    I was not able to replicate this problem. Is this a clean install or do you have other permissions assigned that might be taking precedence?

    Cameron J. Smith

    System Administrator, Purdue University



  • 5.  RE: Bug in role?

    Posted Dec 01, 2009 03:59 AM

    Really you don't have this problem? It's a very clean install. Fresh XP, ESXi4.0. Only two roles now: Administrator and VM Power User (example).

    I assign the permission to the Host.

    Could the bug is triggered by I'm logging at the same time to the VC as administrator from the same XP? But then, when I suspect this, I reboot the XP (VC Server), the problem persists. Too bad I don't compare the permission when I haven't done the double login.

    What do you think?



  • 6.  RE: Bug in role?
    Best Answer

    Posted Dec 01, 2009 04:09 AM

    No, I've tried this again with the same result - my user cannot add/edit/remove roles nor add/remove permissions to any objects. I added the "Virtual Machine Power User (sample)" role to an ESX4 host which resides in a cluster, in a datacenter, running on a vCenter 4 instance.

    I don't believe that this is triggered by logging into vcenter with two different usernames.

    So you are running vcenter on windows xp and you are also launching the vc client on the same machine? Can you also list the local groups that userX belongs to?

    Cameron J. Smith

    System Administrator, Purdue University



  • 7.  RE: Bug in role?

    Posted Dec 01, 2009 04:27 AM

    Yes, I run the vsphere client from the XP where VC is installed. So on vSphere client I put "localhost" as the destination.

    Upsss.. thanks for asking me to check the membership of user1.

    user1 is the first user in the XP, no wonder it has administrators membership. Arrggghhhh silly me.

    I test with another user and the permission is correct now.

    Thank you so much for pointing me this.



  • 8.  RE: Bug in role?

    Posted Dec 01, 2009 04:28 AM

    Excellent, glad I could help!

    Cameron J. Smith

    System Administrator, Purdue University



  • 9.  RE: Bug in role?

    Posted Dec 01, 2009 04:37 AM

    I used to work in Educational Institution too. Ping me if you plan to visit Singapore! :smileyhappy: