Tag Archives: Roles

How to delete vCenter Roles in VMC

The Issue

Whilst testing in VMC a PowerCLI script to create some vCenter roles, I noticed in the UI that when I deleted them, they remained, even though I was using the CloudAdmin@vmc.local account.

I also tried to delete them using PowerCLI and received the error message:

Remove-VIRole : 07/11/2020 09:00:42 Remove-VIRole Permission to perform this operation was denied. Required privilege 'VApp.PullFromUrls' on managed object with id 'Folder-group-d1'.
At line:1 char:1
+ Remove-VIRole OpenShift-Install
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Remove-VIRole], NoPermission
+ FullyQualifiedErrorId : Client20_InventoryServiceImpl_RemoveRole_VIError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.RemoveVIRole

You should not create roles with permissions higher than those of the CloudAdmin account. You can find further information on these permissions here.

If you do this, the only fix is to log a support call with VMware to resolve it.
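
The rule above can be checked before a role is created: compare the privilege IDs you plan to assign against those of the reference role and stop if any fall outside it. This is an added example, not code from the original post or from VMware; `Get-ExcessPrivilege` is a hypothetical helper, the privilege lists are constructed sample data, and the reference role name `CloudAdmin` in the comment is an assumption.

```powershell
# Added example: pre-flight check before creating a custom vCenter role in VMC.
# Get-ExcessPrivilege is a hypothetical helper name, not a PowerCLI cmdlet.
function Get-ExcessPrivilege {
    [CmdletBinding()]
    param(
        # Privilege IDs the new role is meant to carry
        [Parameter(Mandatory)][string[]]$Requested,
        # Privilege IDs held by the reference role (the ceiling)
        [Parameter(Mandatory)][string[]]$Ceiling
    )
    # Anything requested that the reference role does not hold would exceed it
    $Requested | Where-Object { $_ -notin $Ceiling } | Sort-Object -Unique
}

# Constructed sample data (not taken from a real SDDC). In a live session,
# after Connect-VIServer, $ceiling could instead be read from the reference
# role, e.g. (Get-VIRole -Name 'CloudAdmin').PrivilegeList
# (the role name 'CloudAdmin' is an assumption here).
$ceiling   = 'System.Anonymous', 'System.Read', 'System.View',
             'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff'
$requested = 'System.View', 'VirtualMachine.Interact.PowerOn', 'VApp.PullFromUrls'

$excess = Get-ExcessPrivilege -Requested $requested -Ceiling $ceiling

if ($excess) {
    # Refuse to create a role that could not later be removed by the same account
    Write-Warning ("Role not created; privileges outside the reference role: " +
                   ($excess -join ', '))
} else {
    # Every requested privilege is within the ceiling, so creation is safe:
    # New-VIRole -Name 'OpenShift-Install' -Privilege (Get-VIPrivilege -Id $requested)
    Write-Output 'All requested privileges are within the reference role.'
}
```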

The Fix

VMware have a KB for this issue and how to delete the vCenter roles.

To resolve this, you use the vCenter Managed Object Browser (MOB).

Note: When using the MOB to make changes, users will not be prompted for confirmation before making any changes, including removing roles. A custom role cannot have privileges higher than the CloudGlobalAdmin role.

First, to view all your existing roles, go to the following URL in your browser:

  •  https://{VMC_VC_FQDN}/mob/?moid=AuthorizationManager&doPath=roleList

This will list all roles; note the roleId of the role you want to remove.

To remove a role: Continue reading How to delete vCenter Roles in VMC

Naming Conventions and Standards for Systems and Devices

We all know how important it is to have a naming standard for our systems and devices that means something, rather than a number of Greek mythological names that ultimately mean nothing to most.

A quick Google of “Server naming conventions” will lead you to actual help, or polls from Slashdot on this subject, or even lists of the best and worst naming conventions in vendor blogs whilst they hammer you to buy their warez (<<< That link may have a massive popup from GFI trying to push you something). Or you can always fall back on Reddit to get to the heart of the action.

 

Here I am sharing the naming conventions we designed and implemented whilst I was working as a consultant. Please feel free to use, adapt or ignore as you please.

Name Convention Examples

For a good, clean and clear name we defined the following:

  • Identify the client or site
    • 2 Letter Abbreviation
  • Site/Location Identification
    • 2 Digit Number
  • Primary Role or Function of the Service/Device
    • 3 Letter Abbreviation + 2 Digits for numbered instance
  • Identify the deployment type, such as Production/Test/Development/Staging
    • 1 Letter Identifier
  • Identify the service characteristic type such as Physical/Virtual Machine/Container
    • 1 Letter Identifier

Below I’ve drawn out a breakdown of this as a table:

Sorry for inserting the tables as images, but it's the one lacking function of WordPress!

Or if it's easier, here is a nice colourful diagram; Continue reading Naming Conventions and Standards for Systems and Devices