Symptoms:
Deploying containers with volumes the VCH reports docker: Error response from daemon: Server error from portlayer: ServerFaultCode: Permission to perform this operation was denied

• The VCH port-layer.log reports messages like the following:

ERROR op=294.31: CommitHandler error on handle(8807e94d2df7ad01b27762034aff6a27) for 96fbf45dc99c4738e3f1108419be2f42fb44470000a77878471253fc8b598769: ServerFaultCode: Permission to perform this operation was denied.

• The vCenter vpxd-svcs.log reports messages similar to one or more of the following:

[tomcat-exec-245  WARN  com.vmware.cis.authorization.impl.AclPrivilegeValidator  opId=<ID>] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AInventoryServiceCategory%<ID>%3AGLOBAL  [tomcat-exec-239  WARN  com.vmware.cis.authorization.impl.AclPrivilegeValidator  opId=] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AInventoryServiceTag%3A<ID>%3AGLOBAL  [tomcat-exec-235  WARN  com.vmware.cis.core.authz.accesscontrol.impl.CheckPrivilegesRouterRiseImpl  opId=] User domain.local\vic-ops does not have privileges [System.Read] on object urn%3Avmomi%3AVirtualMachine%3Avm-1809%<ID>

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

To resolve this issue, validate that we have all required permission to perform the task. The required permissions are documented at Manually Create a User Account for the Operations User. In addition to the defined permissions found in the documentation you also must add the following permissions to the following roles.