Re: ONTAP Tools for VMware - Adding VSC privileges to custom vCenter role

squebel · ‎2024-02-06

The role named "VSC Provision" has these custom privileges that appear to be added that apply only for ONTAP:

NetApp ONTAP tools for VMware vSphere

View

privilege.nvpfVSC.Kamino.Datastore.com.netapp.nvpf.label

Manage datastores

Provision

privilege.nvpfVSC.VASAGroup.com.netapp.nvpf.label

View

I have tried adding these privs to a custom vcenter role we created for users that are allowed to do most things a power user in vCenter would be able to do but they can't seem to use OTV at all. When they go to the OTV plugin, they can't see anything at all. If I change the role for the user to the "VCS Provision" role and log into vcenter again, they can see what they need to see. So, what privilege is actually being missed? What special thing is happening that OTV is missing or looking for that I'm not noticing?

ChanceBingen · ‎2024-02-21

That sounds odd. Just to test, I created a new user and assigned them the VSC Provision role. I was able to create an NFS datastore with no issues.

Here is what my role looks like:

PS C:\Users\bingen> Get-VIPrivilege -Role "VSC Provision" | Select-Object Name

Name
----
Anonymous
View
Read
Manage custom attributes
Log event
Cancel task
Licenses
Settings
Rename datastore
Move datastore
Browse datastore
Remove file
Low level file operations
Allocate space
Storage partition configuration
Security profile and firewall
Advanced settings
Remove
Unregister
Power off
Customize guest
Read customization specifications
Allow disk access
Allow read-only disk access
Create task
Update task
Validate session
Configure a datastore cluster
Manage datastores
Provision
View
View
Update VM storage policies
View VM storage policies
Configure service
View