Installation guide

Chapter 9. Upgrading Datastore and Network Permissions

In previous releases of vCenter Server, datastores and networks inherited access permissions from the
datacenter. In vCenter Server 4.0, they have their own set of privileges that control access to them. This might
require you to manually assign privileges, depending on the access level you require.

In vCenter 4.0, users are initially granted the No Access role on all new managed objects, including datastores
and networks. This means, by default, users cannot view or perform operations on them. All existing objects
in vCenter maintain their permissions after the upgrade. To determine whether to assign permissions to
existing datastores and networks, the upgrade process uses the datacenter's Read-only privilege.

- If the Read-only privilege is nonpropagating (not inherited by child objects), VMware assumes access
  privileges should not be assigned to datastores and networks. In such cases, you must update your roles
  to include the new datastore and network privileges desired. This is required for users to view and perform
  operations on these objects.
- If the Read-only privilege is propagating (inherited by child objects), VMware assumes access privileges
  should be assigned to datastores and networks so users can view them and perform basic operations that
  require access. In such cases, the default minimum privileges are automatically assigned during the
  upgrade process.

After the upgrade process, if your roles require users to have additional privileges, for example, the ability
to delete a datastore or network, you need to update your permission roles.
Table 9-1 lists the privileges assigned to datastores and networks before the upgrade to vCenter 4.0 and after
the upgrade to vCenter 4.0, and the action required by administrators to enable access.

Table 9-1. Datastore and Network Permission Requirements

Object     Before Upgrade Privilege  After Upgrade Privilege  Action Required to Enable Access
---------  ------------------------  -----------------------  -------------------------------------------------------------
Datastore  Nonpropagating Read-only  No Access                Assign access privileges for datastores or datastore folders.
Datastore  Propagating Read-only     Allocate Space           None.
Network    Nonpropagating Read-only  No Access                Assign access privileges for networks or network folders.
Network    Propagating Read-only     Assign Network           None.

NOTE The Read-only propagating permission on a datacenter, as well as all other permissions you have set,
will continue to work as expected after the upgrade.
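
The following added example (not part of VMware's guide) applies the rule above and Table 9-1 to a pre-upgrade list of permissions, reporting which principals will be left with No Access and which receive privileges automatically. The record fields, function names, and sample principals are assumptions constructed for illustration.

```python
from collections import namedtuple

# Assumed export format: one record per permission entry (hypothetical fields).
Permission = namedtuple("Permission", "entity entity_type principal role propagate")

# Table 9-1, keyed by whether the datacenter Read-only permission propagates.
AFTER_UPGRADE = {
    True: {"Datastore": "Allocate Space", "Network": "Assign Network"},
    False: {"Datastore": "No Access", "Network": "No Access"},
}

def predict_upgrade(permissions):
    """Return one finding per (datacenter, principal, object type)."""
    findings = []
    for p in permissions:
        # The upgrade rule only consults Read-only set on a datacenter.
        if p.entity_type != "Datacenter" or p.role != "Read-only":
            continue
        for obj, privilege in AFTER_UPGRADE[p.propagate].items():
            findings.append({
                "datacenter": p.entity, "principal": p.principal, "object": obj,
                "after_upgrade": privilege,
                "manual_action": privilege == "No Access",
            })
    return findings

def worklist(permissions, manual):
    """Group principals per datacenter: manual=True lists those left with
    No Access, manual=False those granted privileges automatically."""
    work = {}
    for f in predict_upgrade(permissions):
        if f["manual_action"] == manual:
            work.setdefault(f["datacenter"], set()).add(f["principal"])
    return {dc: sorted(names) for dc, names in work.items()}

# Constructed sample data, not taken from a real inventory.
SAMPLE = [
    Permission("DC-East", "Datacenter", "CORP\\vm-operators", "Read-only", True),
    Permission("DC-East", "Datacenter", "CORP\\auditors", "Read-only", False),
    Permission("DC-West", "Datacenter", "CORP\\helpdesk", "Read-only", False),
    Permission("DC-West", "Datacenter", "CORP\\vm-admins", "Administrator", True),
    Permission("Cluster-1", "ClusterComputeResource", "CORP\\auditors", "Read-only", True),
]

if __name__ == "__main__":
    for dc, who in worklist(SAMPLE, manual=True).items():
        print(f"{dc}: assign datastore/network privileges to {', '.join(who)}")
    for dc, who in worklist(SAMPLE, manual=False).items():
        print(f"{dc}: review automatic Allocate Space/Assign Network for {', '.join(who)}")
```
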
This chapter includes the following topics:
- “Datastore Privileges”
- “Network Privileges”
VMware, Inc.