vCenter

I'm trying to create a new role (AD-ROLE) for the admin team that could do the following:

• upload ISO to Content Libarary
• create a new virtual machine and connect an ISO from Content Library
• convert virtual machine to template on Content Library
• deploy a new vm using the template on Content Library
• be able to view Content Library to see available OVF/OVA and templates

I created a group (AD-Group) and added to Global Permissions with the AD-ROLE and propagated to children.

The current (AD-ROLE) privileges has been configured, but when I deploy from template and try to select the compute resource it get this error:
You do not have permission to create a virtual machine from a library template in the selected resource. Select another location.

What is the missing privilege to be able to select the compute resource ?

Content Library

• Add library item
• Chek in a template
• Check out a template
• Create a subscription for a published library
• Delete library item
• Download files
• Evict library item
• Probe subscription information
• Publish a library item to its subscribers
• Publish a library ito its subscribers
• Read storage
• Sync library item
• Update files
• Update library
• Update library item
• Update local library
• View configuration settings

Datastore

• Allocate space
• Browse datastore
• Low level file operation

Network

• Assign network

Virtual machine

• Change Configuration
  • Add existing disk
  • Add new disk
  • Add or remove device
  • Change CPU count
  • Chamge Memory
• Edit Inventory
  • Create from existing
  • Create new
• Interaction
  • Answer question
  • Backup operation on virtual machine
  • Configure CD media
  • Configure floppy media
  • Connect devices
  • Console interaction
  • Create screenshot
  • Defragment all disks
  • Drag and drop
  • Guest operation system management by VIX API
  • Inject USB HID scan codes
  • Install VMware Tools
  • Pause or Unpause
  • Perform wipe or shrink operations
  • Power off
  • Power on
  • Reset
  • Suspend
  • privilege.VirtualMachine.Interact.SuspendToMemory.label
• Provisioning
  • Clone template
  • Clone virtual machine
  • Create template from virtual machine
  • Customize guest
  • Deploy template
  • Mark as template
  • Mark as virtual machine

I am running into the same issue. FWIW

I am also having this issue. Were you able to find a solution?

You need to provide vApp.Import permissions.

You are probably using OVF/OVA templates.

This was it for me - thanks! Of course, Content Library and vApp are related. 

This has not worked for me

Confirmed, this worked for me. I wouldn't have thought a Content Library error message of "You do not have permission to create a virtual machine from a library template in the selected resource. Select another location." would be fixed via a vApp permission vApp Privileges (vmware.com).

Thanks!

This solved my issue. Thank you, friend. 

You have to create a custom role with desired permissions you want to give to end user. Like create a custome role AD-ROLE with privileges you want to give, then create a user e.g User1 and assign this user the role AD-ROLE in the Datacenter permissions and assign role "content library administrator" to the same user (User1) in Global Permissions.

Hope this will solve your concern.

Regards,

Sachchidanand