DSM user with limited role can not access DSM plugin with error "cannot issue DSM JWT"--- "user" does not have the required privileges on the vCenter root folder.
search cancel

DSM user with limited role can not access DSM plugin with error "cannot issue DSM JWT"--- "user" does not have the required privileges on the vCenter root folder.

book

Article ID: 422016

calendar_today

Updated On:

Products

VMware Data Services Manager for VCF

Issue/Introduction

After following Creating a User with Limited Permissions for VMware Data Services Manager the following error is present when attempting to access the DSM plugin. 

Cannot issue DSM JWT.  Reason logged-in plugin user "user" does not have the required privileges on the vCetner root folder.  Please refer to the DSM installation Guide. 

Environment

DSM 2.2 

Cause

The authentication flow checks that the logged‑in user has the required permissions to use the DSM vSphere plugin. The user must hold at least the same privileges as the VC ServiceAccount (created by DSM during bootstrap) on the root folder. This ensures the user has enough privileges to perform actions that the DSM backend may execute using the service account without causing privilege escalation issues.

 

Resolution

Review and add any Permissions in use by the VC ServiceAccount (created by DSM during bootstrap) to the limited users permissions.  This will allow the limited user to access the DSM plugin with out error. 

Powered by Wolken Software