To understand the behavior of the vSphere Client.
Symptoms:
- Users does not reflect the correct permission/inventory immediately after changing their groups
- It takes lot of time for changes to sync and reflect in webclient and UI client.
- When a user from one group is removed and added to another group, after logoff and login again, user still shows the old permission.
- This issue is seen with vsphere.local SSO account as well as the Active directory accounts.
For example consider the following scenario
Create 2 vsphere.local groups : testgroup1 and testgroup2
- Create a vsphere.local user :
[email protected],
- Create 2 Folders : Folder-1 and Folder-2
- Add testgroup1 to Folder-1 (Read-only permission)
- Add testgroup2 to Folder-2 (Read-only permission)
- Add localuser "test-user" to "testgroup1" first. Log in with test-user account, and you will be able to see Folder-1.
- Log off
- Add localuser "test-user" to "testgroup2" and remove it from "testgroup1". Log in with test-user account, but now you can't see Folder-2. Instead you still see Folder-1.