Resource pool administrator group cannot create a new virtual machine or deploy a template to that pool
Article ID: 340903
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Users with the Resource Pool Administrator role cannot:
- Create a virtual machine
- Deploy a template to that pool
Environment
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.0.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.0.x
Resolution
The permissions to create a virtual machine (Create New) and deploy from template (Create from existing) are effective on these objects: Clusters, Hosts, and Virtual machine folders. Permissions assigned at the resource pool level are not effective.
Permissions are needed at all of these levels:
- Datastore > Allocate Space (effective on datastore)
- Network > Assign network (effective on network or network folder)
- Resource > Assign virtual machine to resource pool (effective on resource pools)
Note: A cluster as well as a host is considered a resource pool so this permission is required even if resource pools are not being used.
- Virtual Machine > Configuration > Add new disk (effective on virtual machines)
- Virtual Machine > Configuration > Add or remove device (effective on virtual machines)
- Virtual Machine > Inventory > Create new
Note: Pair with all of these levels: datacenter, clusters, hosts and virtual machine folders.
- Virtual Machine > Inventory > Create from existing
Note: Pair with all of these levels: datacenter, clusters, hosts and virtual machine folders.
If your permissions are not found on the effective objects, you cannot create a virtual machine. Some of these permission are only propagated to these objects from the datacenter level and need to be assigned directly. Check the permissions effective level to confirm that the correct permission is held with the correct object.
For example, the Network > Assign Network permission needs to be selected under Home > Inventory > Networking. Select the network in question, click the Permissions tab, and verify that the user/group has the permission at this level either directly or propagated from the datacenter object.
- For more information, see Appendix A in the Basic System Administration Guide.
- For vCenter 4.1, see Appendix A in the vSphere Datacenter Administration Guide
- For vCenter 5.0, see Assigning Permissions in the vSphere Security Guide
Feedback
Yes
No
Powered by
