Administrator account does not have permission to change the roles on the supervisor namespaces
search cancel

Administrator account does not have permission to change the roles on the supervisor namespaces

book

Article ID: 415200

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

The following error is generated when changing vSphere with Tanzu Supervisor or Supervisor Namespaces permissions using the local SSO Administrator account:

     "Edit permissions Failed!
      Permission to perform this operation was denied. 
      You do not hold privileges.." 

 

Environment

vSphere with Kubernetes 9.X

Cause

The Administrator account is missing "SupervisorAdminstrator" privileges or there are conflicting privileges assigned. 

 

Resolution

To manage the Supervisor Cluster and its child objects, the Administrator must have the SupervisorAdministrator role expressly assigned on the Supervisor folder.
This role must be set to Propagate to children, and may be assigned directly to the Administrator account or via the Administrators group.

If the permissions are missing from the Supervisor, they can be added using the following steps:

  1. In vCenter Virtual Machine Inventory, right click on the Supervisor folder and select Add Permissions
  2. Add the desired user or group the role and check the box next to "Propagate to children" 
  3. Validate the users privileges are functional

If the privilege is granted at the desired context, review the permissions for duplicate or conflicting permissions. 
The necessary permissions are described in the following documentation - How Permissions Work in Supervisor

Powered by Wolken Software