Permissions/Rights Error When Attempting to Change Placement Policy on a VM
search cancel

Permissions/Rights Error When Attempting to Change Placement Policy on a VM

book

Article ID: 325619

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • The purpose of this KB is to resolve permissions/rights issues associated with SAML-authenticated users


Symptoms:
  • When logged in with a user using SAML, that user is not able to change the placement policy of any vm despite being an Organization Administrator
  • Any attempt to change the placement policy returns the following message:
Error: [ <REQUEST_UUID> ] Either you need some or all of the following rights [VAPP_EDIT_VM_COMPUTE_POLICY] to perform operations [VAPP_VM_COMPUTE_POLICY_EDIT] for <OBJECT_UUID> or the target entity is invalid 
  • This operation completes successfully when executed as an Organization Administrator authenticated using LDAP


Environment

VMware Cloud Director 10.x
VMware Cloud Director for Service Provider 10.x

Cause

  • This issue occurs due to a missing right associated with pre-defined roles
  • This occurs most commonly in environments that have been upgraded numerous times
  • The rights continue to expand with each iterative version -- on occasion the default rights bundle needs to be re-published to ensure all rights have been captured for each user and role

Resolution

  • The resolution is as follows:
1. Go to Right Bundles
2. Click edit the 'Default Rights Bundle'
3. Go to "vApp >" and select 'Edit VM Compute Policy' and save it
4. Now Publish "Default Rights Bundle" to all tenants (if needed un-publish first then re-publish it again)
5. Logout and login back to the tenant as an Organization Administrator

Workaround:
  • At this time there is no other workaround


Additional Information

Impact/Risks:
  • This issue prevents execution of some basic administrative tasks


Powered by Wolken Software