Users with standard permissions are unable to power on Virtual Machines (VMs) via the vSphere Client.

Symptoms:

• The standard user clicks the Power On button, but the VM state does not change, and the user receives no error message.

• The vCenter Administrator can see the corresponding Power on virtual machine task listed as Completed in the Recent Tasks panel but the VM is not powered ON

• Log analysis reveals a missing System.Read privilege on the Datacenter object for the user's session. 

Log Location: /vmware/vsphere-ui/logs/vsphere_client_virgo.log

[DATE TIME] [WARN ] ... com.vmware.vsphere.client.vm.powerops.impl.VmPowerOpManager  User [DOMAIN\USER_ID] is missing privilege System.Read on
 datacenter [DATACENTER_NAME] (ManagedObjectReference: type = Datacenter, value = [DATACENTER_ID], serverGuid = [SERVER_GUID]). Power on task outcome cannot be traced. The recommendations in case of Manual DRS cluster are stored in the task result and will not be presented to the user!

vCenter 8.x

The root cause is a failure in permission propagation. Although the custom user role contains all the necessary privileges (including Virtual machine > Interaction > Power On), the "Propagate to children" setting on the role assignment was not correctly maintained or applied to the inventory object.

The resolution is to explicitly uncheck and the Propagate to children setting on the permission entry to force vCenter to re-apply the correct inheritance chain across the inventory.

Recommended Steps:

1. Log in to vCenter as an Administrator.

2. Navigate to the object where the permission is assigned (e.g., TEST Datacenter).

3. Go to the Configure > Permissions tab.

4. Edit the permission entry for the affected user group/role.

5. Ensure the "Propagate to children" checkbox is explicitly unchecked and applied.