Permissions/Rights Error When Attempting to Change Placement Policy on a VM
search cancel

Permissions/Rights Error When Attempting to Change Placement Policy on a VM


Article ID: 325619


Updated On:


VMware Cloud Director


  • The purpose of this KB is to resolve permissions/rights issues associated with SAML-authenticated users

  • When logged in with a user using SAML, that user is not able to change the placement policy of any vm despite being an Organization Administrator
  • Any attempt to change the placement policy returns the following message:
Error: [ <REQUEST_UUID> ] Either you need some or all of the following rights [VAPP_EDIT_VM_COMPUTE_POLICY] to perform operations [VAPP_VM_COMPUTE_POLICY_EDIT] for <OBJECT_UUID> or the target entity is invalid 
  • This operation completes successfully when executed as an Organization Administrator authenticated using LDAP


VMware Cloud Director 10.x
VMware Cloud Director for Service Provider 10.x


  • This issue occurs due to a missing right associated with pre-defined roles
  • This occurs most commonly in environments that have been upgraded numerous times
  • The rights continue to expand with each iterative version -- on occasion the default rights bundle needs to be re-published to ensure all rights have been captured for each user and role


  • The resolution is as follows:
1. Go to Right Bundles
2. Click edit the 'Default Rights Bundle'
3. Go to "vApp >" and select 'Edit VM Compute Policy' and save it
4. Now Publish "Default Rights Bundle" to all tenants (if needed un-publish first then re-publish it again)
5. Logout and login back to the tenant as an Organization Administrator

  • At this time there is no other workaround

Additional Information

  • This issue prevents execution of some basic administrative tasks