Installation guide

Upgrading Datastore and Network Permissions
In previous releases of vCenter Server, datastores and networks inherited access permissions from the
datacenter. In vCenter Server 4.0 and later, datastores and networks have their own set of privileges that control
access to them. You might have to assign privileges manually, depending on the access level you require.
In vCenter Server 5.0, users are granted the No Access role on all new managed objects, including datastores
and networks. This means, by default, users cannot view or perform operations on them. All existing objects
in vCenter Server maintain their permissions after the upgrade. To determine whether to assign permissions
to existing datastores and networks, the upgrade process uses the datacenter's Read-only privilege.
- Read-only privilege is nonpropagating (not inherited by child objects). VMware assumes that access
  privileges should not be assigned to datastores and networks. You must update your roles to include the
  new datastore and network privileges. These privileges are required for users to view and perform
  operations on these objects.
- Read-only privilege is propagating (inherited by child objects). VMware assumes that access privileges
  should be assigned to datastores and networks so that users can view them and perform basic operations
  that require access. The default minimum privileges are assigned during the upgrade process.
After the upgrade process, if your roles require users to have more privileges, for example, the ability to
delete a datastore or network, update your permission roles.
Table 4-7. Datastore and Network Permission Requirements

| Object | Before Upgrade Privilege | After Upgrade Privilege | Action Required to Enable Access |
|---|---|---|---|
| Datastore | Nonpropagating Read-only | No Access | Assign access privileges for datastores or datastore folders. |
| Datastore | Propagating Read-only | Allocate Space | None. |
| Network | Nonpropagating Read-only | No Access | Assign access privileges for networks or network folders. |
| Network | Propagating Read-only | Assign Network | None. |

NOTE The Read-only propagating permission on a datacenter, as well as all other permissions you have set,
will continue to work as expected after the upgrade.
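
The following pre-upgrade audit is an added example, not part of the VMware guide: it applies the Table 4-7 rules to a list of permission records and reports which principals will need manual privilege assignment. The record layout, the function names, and the sample rows are assumptions constructed for illustration, not a vCenter export format.

```python
# Added example: pre-upgrade audit based on Table 4-7. The record layout
# (principal, entity_type, entity, role, propagate) is an assumption, not a
# vCenter export format; the sample rows are constructed.
from collections import namedtuple

Permission = namedtuple("Permission", "principal entity_type entity role propagate")

# After-upgrade privilege per object type, keyed by whether the datacenter's
# Read-only permission propagates (Table 4-7).
AFTER_UPGRADE = {
    True: {"Datastore": "Allocate Space", "Network": "Assign Network"},
    False: {"Datastore": "No Access", "Network": "No Access"},
}

SAMPLE = [  # constructed sample data
    Permission("CORP\\vm-operators", "Datacenter", "DC-East", "Read-only", True),
    Permission("CORP\\auditors", "Datacenter", "DC-East", "Read-only", False),
    Permission("CORP\\storage-admins", "Datacenter", "DC-East", "Administrator", True),
    Permission("CORP\\auditors", "Folder", "Prod-VMs", "Read-only", True),
]

def plan_upgrade(permissions):
    """Return one row per datacenter Read-only permission and object type."""
    plan = []
    for p in permissions:
        # Only the datacenter's Read-only permission drives the upgrade decision;
        # other permissions are left out of the plan.
        if p.entity_type != "Datacenter" or p.role != "Read-only":
            continue
        for obj, privilege in AFTER_UPGRADE[bool(p.propagate)].items():
            manual = privilege == "No Access"
            plan.append({
                "principal": p.principal, "datacenter": p.entity, "object": obj,
                "after_upgrade": privilege,
                "action": (f"Assign access privileges for {obj.lower()}s or "
                           f"{obj.lower()} folders." if manual else "None."),
            })
    return plan

def needs_manual_assignment(permissions):
    """Principals that cannot see datastores/networks until roles are updated."""
    return sorted({r["principal"] for r in plan_upgrade(permissions)
                   if r["after_upgrade"] == "No Access"})

if __name__ == "__main__":
    for row in plan_upgrade(SAMPLE):
        print(row)
    print("Manual assignment needed:", needs_manual_assignment(SAMPLE))
```

The rows with an after-upgrade privilege other than No Access are also worth reviewing, since those principals receive Allocate Space or Assign Network automatically during the upgrade.
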
Datastore Privileges
In VMware vSphere 5.0, datastores have their own set of access control privileges. As a result, you might need
to reconfigure your permissions to grant the new datastore privileges. This is required if you have
nonpropagating Read-only permission set on the datacenter for users.
Table 4-8. Datastore Privileges

| Privilege Name | Actions Granted to Users | Affects | Pair with Object | Effective on Object |
|---|---|---|---|---|
| Allocate Space | Allocate space on a datastore for a virtual machine, snapshot, or clone. | hosts, vCenter Servers | datastores | datastores, virtual disks |
| Browse Datastore | Browse files on a datastore, including CD-ROM or Floppy media and serial or parallel port files. In addition, the browse datastore privilege allows users to add existing disks to a datastore. | hosts, vCenter Servers | datastores | datastores, datastore folders, hosts, virtual machines |
| Delete Datastore | Remove a datastore. | hosts, vCenter Servers | datastores | datastores, datastore folders |

vSphere Upgrade
VMware, Inc.