If users with custom roles attempt to edit Virtual Machine settings, the operation returns with a 'com.vmware.vim.binding.vmodl.MethodFault' error. However, user accounts with a full administrator role are successfully able to edit the settings.

• VMware vCenter Server

The user accounts attempting to edit VM settings are assigned a custom role that is missing some of the necessary privileges required by vCenter Server to perform the operation successfully.

These logs entries are specifically pointing to VM storage policies permissions errors:

 sps.log

XXXX-XX-XXTXX:XX:XX.XXXZ [pool-4-thread-3] ERROR opId=q-245935:h5c-DataAccessController:ProfileProviderAdapter:1191802-twf7-h5:70259047 com.vmware.pbm.vapi.authorization.ProfilePermissionAPIValidatorImpl - [checkProfileValidity] Exception occurred during getEffectivePrivilege
java.lang.NullPointerException: null
        at com.vmware.pbm.vapi.authorization.AuthorizationManagerImpl.getEffectivePrivilege(AuthorizationManagerImpl.java:1011) ~[pbm-1.0.jar:?]
        at com.vmware.pbm.vapi.authorization.ProfilePermissionAPIValidatorImpl.checkProfileValidity(ProfilePermissionAPIValidatorImpl.java:101) [pbm-1.0.jar:?]
        at com.vmware.pbm.vapi.authorization.ProfilePermissionAPIValidatorImpl.getValidInvalidProfileIds(ProfilePermissionAPIValidatorImpl.java:230) [pbm-1.0.jar:?]
        at com.vmware.pbm.profile.impl.ProfileManagerImpl.queryProfile(ProfileManagerImpl.java:1238) [pbm-1.0.jar:?]
        at sun.reflect.GeneratedMethodAccessor1079.invoke(Unknown Source) ~[?:?]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_422]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_422]
        at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:86) [vlsi-server.jar:?]
        at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server.jar:?]
        at com.vmware.vim.vmomi.core.tracing.OtracTracer$OtracSpan.runWithinSpanContext(OtracTracer.java:186) [vlsi-core.jar:?]
        at com.vmware.vim.vmomi.server.common.impl.TracingRunnableWrapper.run(TracingRunnableWrapper.java:62) [vlsi-server.jar:?]
        at com.vmware.vim.storage.common.task.opctx.RunnableOpCtxDecorator.run(RunnableOpCtxDecorator.java:38) [storage-commons-1.0.jar:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_422]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_422]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_422]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_422]
        at java.lang.Thread.run(Thread.java:750) [?:1.8.0_422]
XXXX-XX-XXTXX:XX:XX.XXXZ [pool-4-thread-3] INFO  opId=q-245935:h5c-DataAccessController:ProfileProviderAdapter:1191802-twf7-h5:70259047 com.vmware.pbm.profile.impl.ProfileManagerImpl - Timer stopped: queryProfile, Time taken: 111 ms.
XXXX-XX-XXTXX:XX:XX.XXXZ [pool-4-thread-3] ERROR opId=q-245935:h5c-DataAccessController:ProfileProviderAdapter:1191802-twf7-h5:70259047 com.vmware.pbm.profile.impl.ProfileManagerImpl - Exception in query profile:
java.lang.NullPointerException: null

vsphere_client_virgo.log

XXXX-XX-XXTXX:XX:XX.XXXZ] [ERROR] nio-127.0.0.1-5090-exec-3015 70259304 112102 200720 com.vmware.vise.mvc.exception.GlobalExceptionHandler              
Exception handled while processing request for /ui/data/propertiesByRelation/urn:vmomi:Folder:group-d1:d9084341-40d6-4360-a2fc-8bb13c7fd934?properties=profileContent,iofilterInfo&relation=pbmProfiles&targetType=PbmRequirementStorageProfile:
  java.lang.RuntimeException: com.vmware.vim.binding.vmodl.MethodFault

To enable users to successfully edit VM settings, make sure the custom role assigned to their accounts has the following privileges configured:

VM Storage policies 

• Apply VM storage policies
• Update VM storage policies
• View VM storage policies

Virtual Machine > Configuration

• Change Settings
• Add New Device
• Remove Device
• Modify Device Settings

Resource

• Assign Virtual Machine to Resource Pool
  (Required if VMs are part of a cluster with resource pools)

Datastore

• Browse
  (Needed for tasks involving attaching/detaching disks or ISOs)

Host > Configuration

• Connection
  (Optional for basic editing, but helpful for tasks that trigger host-related updates)

Virtual Machine

• Interaction
• Inventory
  
  
  
  

Using vCenter Server Roles to Assign Privileges