"vmodl.fault.SecurityError" occurs when attempting to assign tags to virtual machines using a custom role in vCenter UI


Article ID: 422740


Products

VMware vCenter Server

Issue/Introduction

When a user attempts to assign or create tags for virtual machines through the vSphere UI or via automation, the task fails with the following error:

  • (vmodl.fault.SecurityError) {
       faultCause = null,
       faultMessage = null
    }

The following log traces are observed in vCenter Server at /var/log/vmware/vpxd-svcs/vpxd-svcs.log:

  • YYYY-MM-DDTHH:MM:SS.###Z [dataservice-# [] ERROR com.vmware.cis.core.tagging.vmodl.MoTagManager  opId=########-####-####-####-######## IS] Failed to bulk attach tags
    com.vmware.cis.core.tagging.exception.UnauthorizedException: Domain_name\user_name does not have attach privilege on tag urn:vmomi:InventoryServiceTag:####-####-####-####-########:GLOBAL

Environment

VMware vCenter Server

Cause

This issue occurs because the custom role assigned to the user lacks the necessary tagging permissions. The "Assign or Unassign vSphere Tag" privilege is not enabled.
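To see every account and tag affected by this denial before editing roles, the UnauthorizedException lines can be tallied per user. The following Python script is an added example, not VMware code; it assumes the log format shown above, and the sample log lines, the EXAMPLE domain, the user names and the tag IDs are constructed.

```python
import re

# Header and exception line formats follow the vpxd-svcs.log excerpt in this article.
HEADER = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+Z) \[.*?opId=(?P<opid>\S+)")
DENIED = re.compile(
    r"UnauthorizedException: (?P<principal>.+?) does not have (?P<action>\w+) "
    r"privilege on tag (?P<tag>urn:vmomi:InventoryServiceTag:\S+)"
)
# Only the mapping stated in this article; other actions are reported as unmapped.
ROLE_PRIVILEGE = {"attach": "Assign or Unassign vSphere Tag"}

# Constructed sample input (not taken from a real system).
SAMPLE_LOG = r"""
2024-05-01T10:15:02.123Z [dataservice-3 [] ERROR com.vmware.cis.core.tagging.vmodl.MoTagManager  opId=aaaa1111-0000-0000-0000-000000000001 IS] Failed to bulk attach tags
    com.vmware.cis.core.tagging.exception.UnauthorizedException: EXAMPLE\alice does not have attach privilege on tag urn:vmomi:InventoryServiceTag:11111111-2222-3333-4444-555555555555:GLOBAL
2024-05-01T10:16:40.007Z [dataservice-1 [] INFO com.vmware.cis.core.tagging.vmodl.MoTagManager  opId=aaaa1111-0000-0000-0000-000000000002 IS] Unrelated constructed message
2024-05-01T10:20:11.500Z [dataservice-2 [] ERROR com.vmware.cis.core.tagging.vmodl.MoTagManager  opId=aaaa1111-0000-0000-0000-000000000003 IS] Failed to bulk attach tags
    com.vmware.cis.core.tagging.exception.UnauthorizedException: EXAMPLE\alice does not have attach privilege on tag urn:vmomi:InventoryServiceTag:66666666-7777-8888-9999-000000000000:GLOBAL
2024-05-01T11:02:45.900Z [dataservice-3 [] ERROR com.vmware.cis.core.tagging.vmodl.MoTagManager  opId=aaaa1111-0000-0000-0000-000000000004 IS] Failed to bulk attach tags
    com.vmware.cis.core.tagging.exception.UnauthorizedException: EXAMPLE\bob does not have attach privilege on tag urn:vmomi:InventoryServiceTag:11111111-2222-3333-4444-555555555555:GLOBAL
""".strip().splitlines()


def summarize_denials(lines):
    """Group tag authorization denials by (principal, denied action)."""
    findings = {}
    ts = opid = None
    for line in lines:
        header = HEADER.match(line)
        if header:  # remember context for the exception line that follows
            ts, opid = header["ts"], header["opid"]
        denied = DENIED.search(line)  # also catches records logged on one line
        if not denied:
            continue
        key = (denied["principal"], denied["action"])
        entry = findings.setdefault(key, {
            "role_privilege": ROLE_PRIVILEGE.get(denied["action"], "unmapped"),
            "count": 0, "tags": set(), "first_seen": ts, "op_ids": [],
        })
        entry["count"] += 1
        entry["tags"].add(denied["tag"])
        entry["op_ids"].append(opid)
    return findings


if __name__ == "__main__":
    for (user, action), e in summarize_denials(SAMPLE_LOG).items():
        print(f"{user}: {e['count']} denied '{action}' on {len(e['tags'])} tag(s); "
              f"missing role privilege: {e['role_privilege']}; first seen {e['first_seen']}")
```

To run it against a real log, pass the open file object for vpxd-svcs.log to summarize_denials in place of SAMPLE_LOG.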

Resolution

Before making changes to roles and permissions, ensure you have a valid backup or snapshot of your vCenter Server.

  1. Snapshot Best Practices: Refer to Snapshot Best practices for vCenter Server Virtual Machines
  2. Access the vSphere Client using the [email protected] account or an account with full administrative privileges.
  3. Edit the Role:
    • Navigate to Menu > Administration > Access Control > Roles.
    • Select the Custom Role assigned to the affected user.
    • Click Edit.
  4. Assign Privileges:
    • Locate the vSphere Tagging section.
    • Ensure the Assign or Unassign vSphere Tag privilege is selected.
    • (Note: If the user needs to create new tags, also select the Create vSphere Tag privilege).
  5. Click Next and then Finish to save the changes.
  6. Have the user log out and log back in to verify they can now assign tags successfully.

 
