No.Permission warning when running Auto Deploy Tasks via PowerCLI or from vCenter UI

Article ID: 391172

Products

VMware vCenter Server

Issue/Introduction

Running Auto Deploy tasks, whether from PowerCLI scripts or through the UI, fails with No.Permission or "Permission to perform this operation was denied".

On the vCenter in /var/log/vmware/rbd/rbd-syslog.log:

<DATE>[9636]ERROR:SoapHandler:Traceback (most recent call last):
  File "/usr/lib/vmware-vpx/pyJack/SoapHandler.py", line 1344, in _InvokeMethod
    value = method.f(method.info, mo, **msg.params)
  File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 385, in _InvokeMethod
    return self._stub.InvokeMethod(self, info, args)
  File "/usr/lib/vmware-vpx/pyJack/SoapHandler.py", line 232, in InvokeMethod
    response = method(**params)
  File "bora/install/vmvisor/autodeploy/site-packages/vmware/rbd/vmodl_impl/rule_set.py", line 155, in RemediateMapping
  File "bora/install/vmvisor/autodeploy/site-packages/vmware/rbd/vc_link.py", line 40, in __enter__
  File "bora/install/vmvisor/autodeploy/site-packages/vmware/rbd/vc_link.py", line 33, in _findCurrentUserSession
  File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 589, in __call__
    return self.f(*args, **kwargs)
  File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 394, in _InvokeAccessor
    return self._stub.InvokeAccessor(self, info)
  File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1833, in InvokeAccessor
    raise e
  File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1818, in InvokeAccessor
    obj = StubAdapterBase.InvokeAccessor(self, mo, info)
  File "/usr/lib/vmware/site-packages/pyVmomi/StubAdapterAccessorImpl.py", line 43, in InvokeAccessor
    return self.InvokeMethod(mo, info, (prop, ))
  File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1802, in InvokeMethod
    raise obj
pyVmomi.VmomiSupport.vim.fault.NoPermission: (vim.fault.NoPermission) {
   dynamicType = <unset>,
   dynamicProperty = (vmodl.DynamicProperty) [],
   msg = 'Permission to perform this operation was denied.',
   faultCause = <unset>,
   faultMessage = (vmodl.LocalizableMessage) [],
   object = 'vim.Folder:group-d1',
   privilegeId = 'Sessions.TerminateSession',
   missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) []
}

OR

<DATE>[9643]ERROR:SoapHandler:Traceback (most recent call last):
  File "/usr/lib/vmware-vpx/pyJack/SoapHandler.py", line 1344, in _InvokeMethod
    value = method.f(method.info, mo, **msg.params)
  File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 385, in _InvokeMethod
    return self._stub.InvokeMethod(self, info, args)
  File "/usr/lib/vmware-vpx/pyJack/SoapHandler.py", line 232, in InvokeMethod
    response = method(**params)
  File "bora/install/vmvisor/autodeploy/site-packages/vmware/rbd/vmodl_impl/rule_set.py", line 155, in RemediateMapping
  File "bora/install/vmvisor/autodeploy/site-packages/vmware/rbd/vc_link.py", line 56, in __enter__
  File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 595, in <lambda>
    self.f(*(self.args + (obj,) + args), **kwargs)
  File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 385, in _InvokeMethod
    return self._stub.InvokeMethod(self, info, args)
  File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1802, in InvokeMethod
    raise obj
pyVmomi.VmomiSupport.vim.fault.NoPermission: (vim.fault.NoPermission) {
   dynamicType = <unset>,
   dynamicProperty = (vmodl.DynamicProperty) [],
   msg = 'Permission to perform this operation was denied.',
   faultCause = <unset>,
   faultMessage = (vmodl.LocalizableMessage) [],
   object = 'vim.Folder:group-d1',
   privilegeId = 'Sessions.ImpersonateUser',
   missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) []
}

Environment

VMware vCenter

Cause

The account or group is missing permissions at the top level / vCenter level.

Resolution

Ensure that the user performing the Auto Deploy task has the following permissions at the top level / vCenter level.

  • Sessions.TerminateSession
  • Sessions.ImpersonateUser

  • AutoDeploy.Profile.Create
  • AutoDeploy.Profile.Edit
  • AutoDeploy.Rule.Create
  • AutoDeploy.Rule.Delete
  • AutoDeploy.Rule.Edit
  • AutoDeploy.RuleSet.Edit
  • AutoDeploy.RuleSet.Activate
  • AutoDeploy.Host.AssociateMachine
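
To confirm which privileges are actually being denied before widening a role, the NoPermission dumps in rbd-syslog.log can be tallied by object and privilegeId. The script below is an added example, not VMware code; the function names and the sample input are constructed for illustration, and it assumes the dump layout shown in the excerpts above (object printed before privilegeId).

```python
import re
import sys
from collections import Counter

# Privileges the article lists as required at the top level / vCenter level.
REQUIRED = {
    "Sessions.TerminateSession", "Sessions.ImpersonateUser",
    "AutoDeploy.Profile.Create", "AutoDeploy.Profile.Edit", "AutoDeploy.Rule.Create",
    "AutoDeploy.Rule.Delete", "AutoDeploy.Rule.Edit", "AutoDeploy.RuleSet.Edit",
    "AutoDeploy.RuleSet.Activate", "AutoDeploy.Host.AssociateMachine",
}
FAULT = re.compile(r"\(vim\.fault\.NoPermission\) \{")
FIELD = re.compile(r"^\s*(object|privilegeId) = '([^']*)'")

# Constructed sample: two dumps, the first truncated before its closing brace.
SAMPLE = """\
pyVmomi.VmomiSupport.vim.fault.NoPermission: (vim.fault.NoPermission) {
   object = 'vim.Folder:group-d1',
   privilegeId = 'Sessions.TerminateSession',
   missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) []
<DATE>[9643]ERROR:SoapHandler:Traceback (most recent call last):
pyVmomi.VmomiSupport.vim.fault.NoPermission: (vim.fault.NoPermission) {
object = 'vim.Folder:group-d1',
privilegeId = 'Sessions.ImpersonateUser',
}
"""

def denied_privileges(lines):
    """Yield (object, privilegeId) per fault dump; a closing '}' is not required."""
    in_fault, obj = False, "?"
    for line in lines:
        if FAULT.search(line):
            in_fault, obj = True, "?"
        elif in_fault and (m := FIELD.match(line)):
            if m.group(1) == "object":
                obj = m.group(2)
            else:  # privilegeId completes the dump
                yield obj, m.group(2)
                in_fault = False

def summarize(lines):
    """Return (object, privilege, count, in_article_list) rows, sorted."""
    counts = Counter(denied_privileges(lines))
    return [(o, p, n, p in REQUIRED) for (o, p), n in sorted(counts.items())]

if __name__ == "__main__":  # optional argument: path to a copy of rbd-syslog.log
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for obj, priv, n, listed in summarize(text.splitlines()):
        print(f"{priv:28} on {obj:22} denied x{n}  in article list: {listed}")
```

A row whose last column is False points to a denied privilege outside the list above, which this article's resolution does not cover.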