vMotion Permission Denial for Non-Admin Roles
Article ID: 440764
Updated On:
Products
Issue/Introduction
Non-administrator users assigned a custom role in vCenter Server cannot perform vMotion operations on encrypted VMs. This includes migrations within the same cluster or between different datacenters/clusters.
The following error is observed in the vSphere Client:
Permission to perform this operation was denied. You do not hold privileges "virtual machine : [Cryptographic operations > Migrate]"
Environment
- vCenter 8.x
- vCenter 7.x
Cause
The custom role assigned to the users lacks the necessary cryptographic migration privileges. In a vSphere environment, the Cryptographic operations > Migrate privilege is mandatory for moving VMs, especially if they are encrypted.
Resolution
To resolve this issue, you must update the custom role to include the missing cryptographic privilege.
Log in to the vSphere Client with an account that has Administrative privileges.
- Navigate to Administration > Access Control > Roles.
- Locate and select the custom role currently assigned to the user
- Click Edit Role.
- In the privileges list, click the Cryptographic operations category.
- Select the checkbox for Migrate.
- Click "save" to save the changes.
- Log out and log back in to the vCenter Server to refresh the session permissions.
Additional Information
Feedback
