Symptoms:
When deploying containers with volumes, the VCH reports:
docker: Error response from daemon: Server error from portlayer: ServerFaultCode: Permission to perform this operation was denied
ERROR op=294.31: CommitHandler error on handle(8807e94d2df7ad01b27762034aff6a27) for 96fbf45dc99c4738e3f1108419be2f42fb44470000a77878471253fc8b598769: ServerFaultCode: Permission to perform this operation was denied.
[tomcat-exec-245 WARN com.vmware.cis.authorization.impl.AclPrivilegeValidator opId=<ID>] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AInventoryServiceCategory%<ID>%3AGLOBAL
[tomcat-exec-239 WARN com.vmware.cis.authorization.impl.AclPrivilegeValidator opId=] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AInventoryServiceTag%3A<ID>%3AGLOBAL
[tomcat-exec-235 WARN com.vmware.cis.core.authz.accesscontrol.impl.CheckPrivilegesRouterRiseImpl opId=] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AVirtualMachine%3Avm-1809%<ID>
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
To resolve this issue, verify that the operations user has all of the permissions required to perform the task. The required permissions are documented at Manually Create a User Account for the Operations User. In addition to the permissions defined in the documentation, you must also add the following permissions to the following roles.
Role | Permission
VCH - datacenter | VirtualMachine > Configuration > Add existing disk
VCH - endpoint | Global > Enable methods, Global > Disable methods
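
To see which privileges the vCenter log still reports as missing, and on which object types, the "does not have privileges" warnings shown in the symptoms can be summarised per user. The script below is an added example, not part of the original article; its function names are hypothetical and the sample lines are constructed from the excerpts above with placeholder IDs.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Matches the "does not have privileges" warnings shown in the symptoms.
DENIAL = re.compile(
    r"User (?P<user>\S+) does not have privileges "
    r"\[(?P<privs>[^\]]+)\] on object (?P<urn>\S+)"
)

def parse_denial(line):
    """Return (user, privileges, object_type, decoded_urn), or None if no match."""
    m = DENIAL.search(line)
    if m is None:
        return None
    # Assumption: several privileges in one warning would be comma-separated.
    privs = [p.strip() for p in m.group("privs").split(",")]
    urn = unquote(m.group("urn"))  # %3A -> ":"; malformed escapes are left as-is
    parts = urn.split(":")
    obj_type = "unknown"
    if len(parts) > 2 and parts[:2] == ["urn", "vmomi"]:
        # Keep only the leading name so redacted excerpts ("Type%<ID>") still group.
        name = re.match(r"[A-Za-z]+", parts[2])
        obj_type = name.group(0) if name else "unknown"
    return m.group("user"), privs, obj_type, urn

def summarize(lines):
    """Map user -> privilege -> sorted object types the privilege was denied on."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        hit = parse_denial(line)
        if hit:
            user, privs, obj_type, _ = hit
            for priv in privs:
                seen[user][priv].add(obj_type)
    return {u: {p: sorted(t) for p, t in bp.items()} for u, bp in seen.items()}

# Constructed sample input: modelled on the excerpts above, with placeholder IDs.
SAMPLE = [
    r"ERROR op=0.0: CommitHandler error: ServerFaultCode: Permission to perform this operation was denied.",
    r"[tomcat-exec-1 WARN com.vmware.cis.authorization.impl.AclPrivilegeValidator opId=x] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AInventoryServiceTag%3A00000000-0000-0000-0000-000000000001%3AGLOBAL",
    r"[tomcat-exec-2 WARN com.vmware.cis.authorization.impl.AclPrivilegeValidator opId=x] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AInventoryServiceCategory%<ID>%3AGLOBAL",
    r"[tomcat-exec-3 WARN com.vmware.cis.core.authz.accesscontrol.impl.CheckPrivilegesRouterRiseImpl opId=x] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AVirtualMachine%3Avm-1809%3A00000000-0000-0000-0000-000000000002",
]

if __name__ == "__main__":
    for user, by_priv in summarize(SAMPLE).items():
        for priv, types in by_priv.items():
            print(f"{user}: missing {priv} on {', '.join(types)}")
```

Run it against the relevant vCenter log after updating the roles; an empty result for the operations user means no further denials were logged.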