Deploying a virtual machine from a template fails with “Permission to perform this operation was denied. NoPermission.message.format” error
search cancel

Deploying a virtual machine from a template fails with “Permission to perform this operation was denied. NoPermission.message.format” error

book

Article ID: 416291

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server

Issue/Introduction

A permissions related error may be encountered when attempting to deploy a virtual machine from an existing template. The deployment operation fails, and the virtual machine is not provisioned successfully.

The following error message is displayed in the vCenter UI:

Error: Permission to perform this operation was denied.
Message: NoPermission.message.format

In the vCenter Server Appliance, the /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log may contain entries similar to:

YYYY-MM-DD HH:MM [DEBUG] https-jsse-nio-9443-exec-9 70013216 100364 200029 com.vmware.vise.vim.commons.vcservice.impl.VcServiceImpl 
Will determine whether to retry managed method reconfigure for moref ManagedObjectReference: type = VirtualMachine, value = vm-###, serverGuid = #######-####-####-####-#########. 
The failure was com.vmware.vim.binding.vim.fault.NoPermission: Permission to perform this operation was denied.

Environment

VMware vCenter Server 8.x
VMware ESXi 8.x

Cause

This error occurs when the user account performing the virtual machine deployment does not have the necessary privileges on one or more vCenter objects involved in the operation.

The following objects are typically part of the virtual machine deployment workflow:

  • Virtual machine template

  • Destination datastore

  • Target virtual machine folder

  • Host, cluster, or resource pool

  • Network configuration

  • Datacenter or vCenter Server root objects

If the account lacks adequate permissions on any of these objects, vCenter Server will deny the deployment operation and display the "NoPermission" error.

Resolution

1. Validate using an administrative account

     Perform the deployment operation using an account with administrative privileges. If the deployment succeeds, this confirms the issue is related to insufficient permissions for the original user account.

 2. Review user permissions in the vCenter UI

  1. Log in to the vCenter UI.

  2. Navigate to Administration → Roles → Global Permissions

  3. Review the permissions assigned to the user or group performing the deployment.

  4. Alternatively, check permissions on each object involved in the deployment process (template, folder, datastore, network, cluster, etc.).

3. Verify inheritance and propagation settings

  • Ensure that permissions are correctly applied at the required object level (e.g., datacenter, cluster, folder, datastore).

  • Confirm that the “Propagate to children” option is enabled where applicable.

4. Ensure the following minimum privileges are granted

Object Required Privilege Path
VM Template Virtual machine → Inventory → Create from existing
Virtual machine → Configuration → Read configuration
Destination Folder Virtual machine → Inventory → Create new
Virtual machine → Inventory → Register
Host / Cluster / Resource Pool Resource → Assign virtual machine to resource pool
Datastore Datastore → Allocate space
Network Network → Assign network

 

Powered by Wolken Software