To understand the behavior of the vSphere Client.
Symptoms:
For example consider the following scenario
Create 2 vsphere.local groups : testgroup1 and testgroup2
- Create a vsphere.local user : [email protected],
- Create 2 Folders : Folder-1 and Folder-2
- Add testgroup1 to Folder-1 (Read-only permission)
- Add testgroup2 to Folder-2 (Read-only permission)
- Add localuser "test-user" to "testgroup1" first. Log in with test-user account, and you will be able to see Folder-1.
- Log off
- Add localuser "test-user" to "testgroup2" and remove it from "testgroup1". Log in with test-user account, but now you can't see Folder-2. Instead you still see Folder-1.
In vSphere 7.0 we recompute the user permissions if an SSO token is used and the groups for it are different than the groups in the existing session.
To resolve this issue download VMware vCenter Server 7.0.0 at Broadcom Downloads
Workaround:
To workaround this issue logout all existing account sessions and then login again in order the for full group membership to take effect .
NOTE: This action does not require a reboot.