Diagnosing VMware Role Based Permission Issues in Platespin Products

  • 7017801
  • 01-Jul-2016
  • 20-Mar-2017

Environment

PlateSpin Migraten 12.x
PlateSpin Protect 11.x

Situation

Errors produced by PlateSpin Migrate and/or Migrate suggest an issue with the role based permissions as configured on the VMware server or a VMware administrator wants to verify that existing Roles have the proper privileges assigned.

Resolution

Use the PlateSpin VMware role tool to determine which privileges should be modified or create a roles as required.

Tool Execution

After extracting the tool from the zip archive, execute the following command using the suggested parameters:

PlateSpinRoleTool.exe /host=[ip address] /user=root /role=PlateSpinRole.xml /interactive

Parameter Explanation:

/host – IP address of the VMWare Server
/user – User name of an administrator account. 
/role -  File name of the file that provides the role's permissions. Use the PlateSpinRole.xml file unless you are advised to use a different file.
/interactive – Runs the command shell for the tool. This is the recommended option for running the tool as provides a menu to execute various options within a single execution of the tool.
/help – Displays information on additional parameters not described here.

Tool Menu

The tool menu contains two the top level options when ran in interactive mode (/interactive). These are Select a PlateSpin Role and Display Server Defined Privileges.

Figure 1. PlateSpin  Role Tool top level menu

Under Select a PlateSpin Role, menu options for each of the PlateSpin roles are displayed. The roles are:

PlateSpin Virtual Machine Manager
PlateSpin Virtual Infrastructure Manager
PlateSpin User


Figure 2. PlatesSpin Role Menu

Once a specific PlateSpin role has been selected, you are presented with options that consist of:

Create Role -  This option will create the selected role with the required permissions listed in the PlatespinRole.xml file.
Compare with existing Role – This options will allow you to verify if an existing role is compatible with the selected PlateSpin Role.
List existing compatible Roles – This option will display a list of all existing roles roles that are compatible with the selected PlateSpin Role.

Figure 3. PlateSpin Action Menu

The second option in the root menu (Display Server Defined Privileges) simply displays a list of defined privileges on the server. To view the complete list of privileges it may be necessary to press the space bar.

 Figure 4. Output of Display Server Defined Privileges

PlateSpin Role Tool Usage

Since the menu options are the same for each of the roles, usage will be illustrated with the “PlateSpin User†role.  The steps for working with  the “PlateSpin Virtual Machine Manager†or  “PlateSpin Virtual Infrastructure Manager†roles are the same.

To create, compare or list PlateSpin Roles, execute the PlatespinRoleTool.exe with the recommended parameters. When prompted enter the administrator’s password.

Note: See “Tool Execution†for a description of the recommended parameters.

Figure 5. Executing PlatespinRoleTool.exe

Creating A Role

1. To create the desired role select, “Select a PlateSpin Roleâ€.
2. Select the PlateSpin User role.
3. Select “Create Roleâ€.
4. Press Enter when prompted to return to the action menu.

Note: If the “PlateSpin User†was already created, a message stating it already exists will be displayed.

Comparing existing Roles

1. From the action menu select ,â€Compare with existing Rolesâ€.
2. Select a User account to compare to the PlateSpin user. For this example the NoAccess user has been selected.  As expected, this role is not compatible to the PlateSpin User.
3. Repeat the same process, but use the Admin. Admin will be compatible with the Platespin User. Press enter to scroll through the listed privileges and return to the Actions menu.

Listing existing compatible Roles

1. Select “Listing Existing compatible Roles and press enter to show the compatible roles. As expected, the Admin is compatible to the PlateSpin User.
2. Press enter to return to the actions menu.
3. Press escape to return to the PlateSpin Roles menu to check another role. Or press escape to return to the top menu.
4. To exit the program hit [ESC] as required until the program exits.

Additional Information

Additional Information can be found in the “Setting Up User Authorization and Authentication†sections of the User’s guide.