Automation

 View Only
  • 1.  vCenter NoAccess not affecting PowerCLI

    Posted Sep 14, 2017 09:49 AM

    Hello everyone

    I am having a serious issue. We are running a dedicated vSphere environment for a customer. We have created a management resource pool for our vms (SRM, vCenter, PSC and so on) and put the datastores and network into folders on which we set NoAccess to the customers admin  and backup groups.

    In webclient that works well.

    However, the client noticed he is able to backup our vms as well. Upon further inspection, I learned that I can use a restricted user to normally browse our management datastore and list the vms in it.

    I seem to be missing some fundamental knowledge here. Do I have to edit an independent set of permissions for PowerCLI?

    Regards and thanks,

    MArco



  • 2.  RE: vCenter NoAccess not affecting PowerCLI

    Posted Sep 14, 2017 01:22 PM

    No, PowerCLI has no permissions, it purely relies on the ones set on the vCenter.

    Did you already try setting the NoAccess on the root folder?

    You can get that with

    $rootFolder = Get-Folder -Name Datacenters

    Also note that there are 4 types of folders (Host & Cluster, VM & Template, Storage, Network).
    You will have to set permissions on all 4 of these.