Prior to upgrading to vSphere 6 (running 5.5) my user account had a read-only privileges on the vSphere object, Datacenter object, as well as some grater rights on clusters, vDS and datastore.
Using Perl SDK to deploy new VM’s – vmcreate.pl worked fine.
PowerCLI C:\Program Files (x86)\VMware\VMware vSphere CLI\Perl\apps\vm> perl .\vmcreate.pl –url https://vCenterServer.local:443/sdk/webService –filename C:\Sc
ripts\XMLVM.xml –schema C:\Scripts\Schema.xsd –username ad\test
Successfully deployed the VM.
After the upgrade to vSphere 6u2 each time the script was run, it returned an error:
Fault string: Permission to perform this operation was denied.
Fault detail: NoPermissionFault
Moreover the VM could be easily created in that cluster / datastore etc using both Web Client and C#.
After ripping permissions top to bottom and bottom to top it looks like for some reason it requires administrator privileges on the data center object.
I’ve tried to narrow it down and create the custom role (focusing on Inventory and Virtual machine privileges ) however there are some further issues.
C# client and API would work, but I was unable to deploy VM manually in the web client… ?!?
Leaving this permission as administrator on data center object non-propagating looks to do the job for now.
I’ll keep this post updated if I find time to drill down into it further.