vCenter server contains privileges which are not in standard format in the vCenter UI
Article ID: 390038
Updated On:
Products
Issue/Introduction
- In the vCenter UI navigate to Administration-> Access Control -> Roles -> New, may see additional privileges in non-standard format like.
Virtual machine - privilege.VirtualMachine.Config.Unlock.label
- vCenter server has been upgraded from an earlier version such as vCenter 6.7 to vCenter 7.0 and/or vCenter 7.0 to vCenter 8.0
- May have also had custom role created in the past prior to upgrade which is still part of the environment
Environment
- VMware vCenter Server 8.0
Cause
- When a custom role was created and used in the past and legacy privileges are part of this group, and this was copied to new vCenter version during upgrade of vCenter Server and legacy privileges which no longer exist are brought over and seen in this format in the UI.
Resolution
Some privileges like below example are no longer active that are cosmetic and can be safely ignored:
- VirtualMachine.Config.Unlock
- Datacenter.IBMDataProtection
- Global.ConfigureIBMDataProtection
- Host.Local.ExtractNvramContent
- Host.Local.RelayoutSnapshots
- InventoryService.Provider.Management
- HmsDiagnostics.com.vmware.vcHms.Diagnostics.Manage
- DVPortgroup.Ipfix
- HmsRemote.com.vmware.vcHms.Hms.Manage
- InventoryService.Provider.Update
- HmsRemote.com.vmware.vcHms.Hbr.View
- VRMPolicy.Query
- InventoryService.Tagging.DeleteScope
- HmsRemote.com.vmware.vcHms.Hbr.Manage
- Global.com.vmware.vcopsAdmin
- Vsan.DataProtection.Management
- HmsDatastoreMapper.com.vmware.vcHms.Mappings.View
- InventoryService.Tagging.CreateScope
- HmsDatastoreMapper.com.vmware.vcHms.Mappings.Manage
- DVSwitch.Ipfix
- Topology.Manage
- HmsRemote.com.vmware.vcHms.Hms.View
- VRMPolicy.Update
- HmsSession.com.vmware.vcHms.Session.Terminate
Note:-
- Remove the custom role if no longer required which contains these legacy privileges.
- Service restart is needed.
Feedback
