Hi, we have a vsphere cluster to which need to grant customer access with a limited set of permissions.
The customer environment is separate i.e. there is a Firewall NAT configuration in place, and an identity source created in vCenter for customer AD.
The required permissions are working bar one issue. If the customer tried to upload a file or folder to a datastore they cannot. They can do all other functions such as browse datastore or move/delete files.
As part of the NAT configuration we've implemented DNS entry to resolve to the vCenter server - this is working.
In addition, to DNS/NAT for vCenter is there also a requirement for ESXi hosts to have DNS/NAT? We don't want to do this so does anyone have experience in a similar setup?