Administrator cannot assign Add Permission to an object in the vSphere Web Client
Article ID: 342351
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
- You see the error:
Permission to perform this operation was denied. You do not hold privilege "System -> Read" on folder "Datacenters"
Environment
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.0.x
VMware vCenter Server 6.0.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.0.x
VMware vCenter Server 6.0.x
Cause
This issue occurs when privileges to retrieve the list of all users from the parent object are not defined.
System call retrieves the list of all users from the parent object. Obtaining this list (using the system call) requires privileges in the parent object. If privileges are not defined in the parent object, the call (and the attempt to add the permission) fails.
System call retrieves the list of all users from the parent object. Obtaining this list (using the system call) requires privileges in the parent object. If privileges are not defined in the parent object, the call (and the attempt to add the permission) fails.
Resolution
To resolve this issue, assign the Read-only role from the vSphere Web Client object navigator.
To assign the Read-only role to the administrator from the vSphere Web Client object navigator:
To assign the Read-only role to the administrator from the vSphere Web Client object navigator:
- Browse to the object in the vSphere Web Client object navigator.
- Click the Manage tab and select Permissions.
- Click Add Permission.
- Click Add.
- Select Domain from the Domain dropdown.
- Select user and click Add.
Note: (Optional) Click Check Names to verify that the user or group exists in the database.
- Click OK.
You can see that user is pre-selected and the default Assigned Role is Read-only.
- To propagate the privileges to the child objects of the assigned inventory object, select Propagate.
- Click OK.
Feedback
Yes
No
Powered by
