Locate Missing Role Privileges on vCenter Operations

Article ID: 382378


Products

VMware vCenter Server 7.0

VMware vCenter Server 8.0

Issue/Introduction

An operation in vCenter fails with the following error:

Operation failed!

Permission to perform this operation was denied

NoPermission message format

 

Frequently this affects all users in a group, but that is not always the case.

Cause

The role in use is missing privileges required by the operation that is failing.

Resolution

1. Get the user ID used for the operation and the date and time of the attempt.

2. Use SSH to access the vCenter (see "Enable or Disable SSH and Bash Shell Access" if needed).

3. Run the following command to locate the missing permissions:

$ journalctl -b | grep <User ID> | grep missing | awk '{print $24}' | sort | uniq

 

NOTE: Substitute the actual User ID without the "<>" in the above command.

4. The output should show the missing permissions that failed the operation.

5. Have the privileges added to the role being used and retry the operation.

If the operation fails with the same message, gather another bundle and repeat steps 2-3 to find the additional privileges needed. Repeat as needed until all missing privileges have been added to the role. Multiple iterations are needed because the operation fails at each stage for which privileges are missing.

The output will look similar to this:

journalctl -b | grep myuserID | grep missing | awk '{print $24}' | sort | uniq

Cryptographer.ManageKeyServers
VApp.InstanceConfig
VApp.ApplicationConfig

Additional Information

Note: Omitting "| awk '{print $24}' | sort | uniq" from the command above displays the failure lines themselves. This can be useful for matching the timestamps with known events.

The output would look like this:

$ journalctl -b | grep <User ID> | grep missing
Nov 07 18:55:55 MyVC.MyDomain.com vpxd[6739]: Event [66567430] [1-1] [2024-11-07T18:55:55.209714Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [66567430] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
Nov 07 19:23:58 MyVC.MyDomain.com vpxd[6739]: Event [66568328] [1-1] [2024-11-07T19:23:58.2451Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [66568328] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
Nov 07 19:34:53 MyVC.MyDomain.com vpxd[6739]: Event [66569453] [1-1] [2024-11-07T19:34:53.625446Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [66569453] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
Nov 07 19:38:09 MyVC.MyDomain.com vpxd[6739]: Event [66569512] [1-1] [2024-11-07T19:38:09.078798Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [66569512] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
Nov 07 19:41:05 MyVC.MyDomain.com vpxd[6739]: Event [66569564] [1-1] [2024-11-07T19:41:05.30201Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [66569564] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
Nov 13 14:24:24 MyVC.MyDomain.com vpxd[6739]: Event [67021858] [1-1] [2024-11-13T14:24:24.025033Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [67021858] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
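
Added example (not part of the original article or of VMware's tooling): a shell function that extracts the user and privilege from the "Privilege check failed" message text shown above instead of relying on field position 24, so a datacenter name containing spaces does not shift the result. The function name, the sample host name and the sample journal lines are constructed for illustration.

```shell
# Added example. Sample lines are constructed in the format shown in the article.
sample_journal() {
cat <<'EOF'
Nov 07 18:55:55 vc01.example.test vpxd[6739]: Event [1001] [1-1] [2024-11-07T18:55:55.209714Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [1001] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
Nov 07 19:23:58 vc01.example.test vpxd[6739]: Event [1002] [1-1] [2024-11-07T19:23:58.2451Z] [vim.event.EventEx] [warning] [] [East Datacenter] [1002] [Privilege check failed for user AD\myuserid for missing permission VApp.ApplicationConfig. Session user performing the check: ]
Nov 07 19:30:01 vc01.example.test vpxd[6739]: Event [1003] [1-1] [2024-11-07T19:30:01.1Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [1003] [Privilege check failed for user AD\myuserid for missing permission VApp.InstanceConfig. Session user performing the check: ]
Nov 07 19:31:10 vc01.example.test vpxd[6739]: Event [1004] [1-1] [2024-11-07T19:31:10.5Z] [vim.event.EventEx] [warning] [] [My-Datacenter] [1004] [Privilege check failed for user AD\otheruser for missing permission Cryptographer.ManageKeyServers. Session user performing the check: ]
Nov 07 19:40:00 vc01.example.test vpxd[6739]: Session for myuserid closed; missing heartbeat
EOF
}

# missing_privs [USER]: read journal lines on stdin and print
# "<count> <user> <privilege>" for each distinct pair. USER is an optional
# literal, case-insensitive substring matched against the user field only,
# so it cannot match host names or unrelated log lines.
missing_privs() {
  mp_user="${1:-}"
  # Keep only privilege-check failures, then capture user and privilege.
  # The trailing "\. Session user" anchor drops the sentence period that
  # follows the privilege name in the message.
  grep -F 'Privilege check failed for user' |
    sed -n 's/.*Privilege check failed for user \([^ ]*\) for missing permission \([^ ]*\)\. Session user.*/\1 \2/p' |
    if [ -n "$mp_user" ]; then
      # Passed via the environment so the backslash in DOMAIN\user stays literal.
      MP_USER="$mp_user" awk 'index(tolower($1), tolower(ENVIRON["MP_USER"]))'
    else
      cat
    fi |
    sort | uniq -c | awk '{print $1, $2, $3}'
}

# On the appliance: journalctl -b | missing_privs 'AD\myuserid'
sample_journal | missing_privs myuserID
```

Run without an argument, the function lists every user with failed privilege checks since boot, which helps confirm whether the gap affects one account or a whole group before changing the role.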