Duplicate Administrator role in Roles

Article ID: 314166

Products

VMware vCenter Server

Issue/Introduction

Duplicate Administrator role in 'Roles' under 'Administration' in vCenter Server

 

Cause

A user created a duplicate of the system-defined Administrator role.

Resolution

Pending Resolution

Workaround:

Update permissions for all users in the VCDB:

  1. SSH to vCenter Server
  2. Log in to the VCDB:
    • /opt/vmware/vpostgres/current/bin/psql -d VCDB -U postgres
  3. Check vpx_access table:
    • VCDB=# select * from vpx_access;
    • Sample output:
          id  |          principal           |   role_id   | entity_id | flag | surr_key
        ------+------------------------------+-------------+-----------+------+----------
        ...
            1 | vsphere.local\Administrator  |  -880782715 |         1 |    1 |        1
         4920 | admin                        |  -880782715 |         3 |    2 |       13
          317 | vsphere.local\Administrators |  -880782715 |         3 |    3 |        2
  4. Migrate those permissions to the Admin role:
    • VCDB=# update vpx_access set role_id = -1 where role_id = -880782715;
  5. Confirm the changes:
    • VCDB=# select * from vpx_access;
  6. Exit VCDB using \q
  7. Restart vpxd in order to reload permissions from DB:
    • vmon-cli -r vpxd
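
Steps 3 to 5 can also be run as one transaction, so that every principal about to be moved to role_id -1 is reviewed before the change is kept. This is an added example, not part of the original article or VMware's own tooling; the CSV path is an assumption, and the role ID is the sample value shown above.

```sql
-- Added example: run inside the psql session opened in step 2.
-- The role ID below is the sample value from this article; replace it
-- with the duplicate role's ID from your own vpx_access output.
\set dup_role -880782715

-- Save the current table contents to a file before changing anything.
-- The output path is an assumption; \copy must stay on a single line.
\copy (SELECT * FROM vpx_access ORDER BY id) TO '/tmp/vpx_access_before.csv' WITH (FORMAT csv, HEADER)

BEGIN;

-- 1. Every binding that will be moved to role_id -1.
--    Review this list: each principal in it ends up on the Admin role.
SELECT id, principal, entity_id, flag
  FROM vpx_access
 WHERE role_id = :dup_role
 ORDER BY principal, entity_id;

-- 2. Principals that already hold role_id -1 on the same entity.
--    Rows listed here would become duplicate bindings of the same
--    principal, entity and role after the update.
SELECT d.id AS dup_row, a.id AS admin_row, d.principal, d.entity_id
  FROM vpx_access d
  JOIN vpx_access a
    ON a.principal = d.principal
   AND a.entity_id = d.entity_id
 WHERE d.role_id = :dup_role
   AND a.role_id = -1;

-- 3. The update from step 4 of the workaround.
UPDATE vpx_access SET role_id = -1 WHERE role_id = :dup_role;

-- 4. Must return 0: no binding still references the duplicate role.
SELECT count(*) AS still_on_duplicate
  FROM vpx_access
 WHERE role_id = :dup_role;

-- Dry run by default. Replace ROLLBACK with COMMIT once the output of
-- queries 1, 2 and 4 is as expected, then continue with steps 6 and 7.
ROLLBACK;
```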

Remove the extra Administrator role:
1. Open https://<vc-ip>/invsvc/mob3?moid=authorizationService&method=AuthorizationService.GetRoles to list all roles. Find the duplicate role with the name "Administrator" and copy its ID.
2. Open https://<vc-ip>/invsvc/mob3?moid=authorizationService&method=AuthorizationService.DeleteRole, set roleId to the copied ID (for example, roleId = -880782715) and call the API via "Invoke Method". It should print the return value "true".

Additional Information

Impact/Risks:

The Administrator cannot perform administrative tasks.