VMware vSphere

I have a user who was getting an error that they did not have sufficient privileges to a certain network when adding a network card for a certain network. Looking at the permissions at the cluster level it shows he is Administrator for "This object and its children" Wouldn't that give him Administrator access to everything including the networks defined in that cluster?

Hi,

VMware Knowledge Base

To modify virtual machine network settings, you require these permissions:

• Network > Assign Network
• Virtual Machine > Configuration > Modify device settings
• Virtual Machine > Configuration > Settings

To enable these permissions:

1. Connect vSphere Client to vCenter Server.
2. Click Home.
3. Click Roles.
4. To create a new user role, right-click on a blank area and select Add.
5. Enter a name, For example, VM Network Admin.
6. Expand Network and select Assign network.
7. Expand Virtual Machine > Configuration, select Modify device settings and Settings.
8. Click OK.
9. Add permission for this user at the datacenter level and assign the role to this user.

ARomeo

Thanks for the reply ARomeo. Looking closer at this it looks like the user has "Virtual machine user (sample)" at the Data center level but "Administrator" Role at the cluster level and "This object and its children" under the "Defined in" column. So I am correct in assuming the permissions at the Data center level are overriding his permissions at the cluster level for Network settings? I figured since he was Administrator at the cluster level he would be Administrator for the network settings at that cluster.

Networks are not child objects of a cluster:

vSphere Managed Inventory Objects