vCenter

 View Only
  • 1.  [VCB] Role permissions for backup and restore VM

    Posted Jun 02, 2012 12:51 PM

    Hi,

    I'm using VCB to backup restore VMs.

    I need to delegate autorisation to another users to manage backup and restore. But i wouldn't like to give them admin right, just permissions to backup, and restore on existing VM or not.

    I know permissions related to backup (http://www.vmware.com/pdf/vsphere4/r40/vsp_vcb_15_u1_admin_guide.pdf) but any information about requirement about restore.

    I've found on another post (http://communities.vmware.com/message/1439438) where dan_white has post an excel with lot of permissions but it doesn't work ...

    Permissions set to vcbuser role (base on Excel):

    - Datastore.Allocate space

    - Datastore.Browse Datastore

    - Datastore.Low level file operations

    - Datastore.remove file

    - Folder.Create folder

    - Folder.Move folder

    - Folder.Rename folder

    - Global.Cancel task

    - Network.Assign network

    - Resource.Assign virtual machine to resource pool

    - Resource.Migrate

    - Resource.Relocate

    - Task.*

    - Virtual Machine.Configuration.Add New Disk

    - Virtual Machine.Configuration.Advanced

    - Virtual Machine.Configuration.Change CPU count

    - Virtual Machine.Configuration.change resource

    - Virtual Machine.Configuration.disk lease

    - Virtual Machine.Configuration.extend virtual disk

    - Virtual Machine.Configuration.host USB device

    - Virtual Machine.Configuration.memory

    - Virtual Machine.Configuration.rename

    - Virtual Machine.Configuration.settings

    - Virtual Machine.Inventory.create from existing

    - Virtual Machine.Inventory.create new

    - Virtual Machine.Inventory.move

    - Virtual Machine.Inventory.register

    - Virtual Machine.Inventory.remove

    - Virtual Machine.Provisionning.Allow disk access

    - Virtual Machine.Provisionning.allow read-only disk access

    - Virtual Machine.Provisionning.allow virtual machine download

    - Virtual Machine.Provisionning.allow virtual machine files upload

    - Virtual Machine.Provisionning.customize

    - Virtual Machine.State.create snapshot

    - Virtual Machine.State.Remove snapshot

    Last log lines are :

    [2012-06-02 14:46:54.901 F2DD16D0 trivia 'vmomi.soapStub[0]'] Received soap response from [TCP:ssc2pin3vctrw1:443]: GetConfig
    [2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualIDEController
    [2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualIDEController
    [2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPS2Controller
    [2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPCIController
    [2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualSIOController
    [2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualKeyboard
    [2012-06-02 14:46:54.903 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPointingDevice
    [2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualVideoCard
    [2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualLsiLogicController
    [2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualDisk
    [2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualDisk
    [2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualCdrom
    [2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualPCNet32
    [2012-06-02 14:46:54.904 F2DD16D0 verbose 'vcbRestore'] Found a device: vim.vm.device.VirtualFloppy
    [2012-06-02 14:46:54.904 F2DD16D0 trivia 'vmomi.soapStub[0]'] Sending soap request to [TCP:ssc2pin3vctrw1:443]: reconfigure {}
    [2012-06-02 14:46:54.904 F2DD16D0 trivia 'vmomi.soapStub[0]'] Request started [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
    [2012-06-02 14:46:54.907 F2D6DB90 trivia 'vmomi.soapStub[0]'] Request completed [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
    [2012-06-02 14:46:54.907 F2DD16D0 error 'vcbRestore'] Error: No permission to perform this action.
    [2012-06-02 14:46:54.907 F2DD16D0 trivia 'vmomi.soapStub[0]'] Sending soap request to [TCP:ssc2pin3vctrw1:443]: unregister {}
    [2012-06-02 14:46:54.907 F2DD16D0 trivia 'vmomi.soapStub[0]'] Request started [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
    [2012-06-02 14:46:54.909 F2909B90 trivia 'vmomi.soapStub[0]'] Request completed [N7Vmacore4Http13UserAgentImpl22AsyncSendRequestHelperE:0x59e2d440]
    terminate called after throwing an instance of 'Vim::Fault::NoPermission::Exception'
      what():  vim.fault.NoPermission
    /usr/sbin/vcbRestore: line 94: 28354 Aborted                 (core dumped) LD_LIBRARY_PATH=:/usr/lib/vmware/vmacore:/usr/lib/vmware/vcb VCB_PASSWORD="$PASSWORD" /usr/lib/vmware/vcb/vcbRestore -h "$VCHOST" -u "$USERNAME" -s "$legacy_dir" -L "6" --

    Thanks for your help :smileyhappy:



  • 2.  RE: [VCB] Role permissions for backup and restore VM

    Posted Jun 02, 2012 01:40 PM

    Teste providing all permissions from "Virtual Machine power user" plus:

    - Datastore.Allocate space

    - Datastore.Browse Datastore

    - Datastore.Low level file operations

    - Datastore.remove file

    - Folder.Create folder

    - Folder.Move folder

    - Folder.Rename folder

    - Global.Cancel task

    - Network.Assign network

    - Resource.Assign virtual machine to resource pool

    - Resource.Migrate

    - Resource.Relocate

    - Task.*



  • 3.  RE: [VCB] Role permissions for backup and restore VM

    Posted Jun 12, 2012 03:10 PM

    Final solution was to set permission as :

    CategoryItem
    DatastoreAllocate space
    DatastoreBrowse datastore
    DatastoreLow level file operations
    DatastoreRemove file
    FolderCreate folder
    FolderRename folder
    FolderMove folder
    GlobalCancel task
    NetworkAssign network
    ResourceAssign virtual machine to resource pool
    ResourceAssign VApp to resource pool
    ResourceMigrate
    ResourceRelocate
    Scheduled taskCreate tasks
    Scheduled taskModify task
    Scheduled taskRemove task
    Scheduled taskRun task
    TaskCreate task
    TaskUpdate task
    VirtualMachine.ConfigAdd existing disk
    VirtualMachine.ConfigAdd new disk
    VirtualMachine.ConfigAdd or remove device
    VirtualMachine.ConfigAdvanced
    VirtualMachine.ConfigChange CPU count
    VirtualMachine.ConfigChange resource
    VirtualMachine.ConfigDisk lease
    VirtualMachine.ConfigMemory
    VirtualMachine.ConfigModify device settins
    VirtualMachine.ConfigRemove disk
    VirtualMachine.ConfigRename folder
    VirtualMachine.ConfigReset guest information
    VirtualMachine.ConfigSettings
    VirtualMachine.ConfigUpgrade virtual hardware
    VirtualMachine.InteractPower On
    VirtualMachine.InteractDevice connection
    VirtualMachine.InteractAcquire guest control ticket
    VirtualMachine.InteractAnswer question
    VirtualMachine.InteractConfigure CD media
    VirtualMachine.InteractConfigure floppy media
    VirtualMachine.InteractConsole interaction
    VirtualMachine.InteractDevice connection
    VirtualMachine.InteractPower Off
    VirtualMachine.InteractPower On
    VirtualMachine.InteractReset
    VirtualMachine.InteractSuspend
    VirtualMachine.InteractVmware Tools install
    VirtualMachine.InventoryCreate from existing
    VirtualMachine.InventoryCreate new
    VirtualMachine.Inventoryregister
    VirtualMachine.InventoryMove
    VirtualMachine.ProvisioningAllow disk access
    VirtualMachine.ProvisioningAllow read-only disk access
    VirtualMachine.ProvisioningAllow virtual machine download
    VirtualMachine.ProvisioningAllow virtual machine files upload
    VirtualMachine.ProvisioningCustomize
    VirtualMachine.StateCreate snapshot
    VirtualMachine.StateRemove Snapshot

    Thanks, for your help :smileyhappy: