vSphere: Find missing permissions/privileges in logs

Hi,

assigning permissions in vSphere is sometimes difficult. Also to find out which permissions are missing for a specific action if you are not an administrator.

Usually the event entry does not give you an hint which permissions are lacked. There are a lot of log files under /var/log/vmware. So which is the right one?

My best way is to search all logfiles for the string “is needed on”.

root@vCenter ~ # cd /var/log/vmware
root@vCenter /var/log/vmware # find . -name "*.log" -exec grep -iH "is needed on" {} \;
./vsphere-ui/logs/vsphere_client_virgo.log:    defaultMessage = Privilege VirtualMachine.Config.AddNewDisk is needed on resgroup-153:67cde234-9230-4339-9aa3-09ee23553629.,
./vsphere-ui/logs/vsphere_client_virgo.log:    defaultMessage = Privilege VirtualMachine.Config.AdvancedConfig is needed on resgroup-153:67cde234-9230-4339-9aa3-09ee23553629.,
...
./content-library/cls.log:    defaultMessage = Privilege VirtualMachine.Config.AddNewDisk is needed on resgroup-153:67cde234-9230-4339-9aa3-09ee23553629.,
./content-library/cls.log:    defaultMessage = Privilege VirtualMachine.Config.AdvancedConfig is needed on resgroup-153:67cde234-9230-4339-9aa3-09ee23553629.,
....

In this case irtualMachine.Config.AddNewDisk and VirtualMachine.Config.AdvancedConfig is missing on Resource group of cluster:

PS D:\>  (Get-ResourcePool -Id ResourcePool-resgroup-153).Parent

Name                           HAEnabled  HAFailover DrsEnabled DrsAutomationLevel
                                          Level
----                           ---------  ---------- ---------- ------------------
MY-CLUSTER-01                     False      1          True       FullyAutomated

Michael

Leave a Reply Cancel reply