Question

Custom Role not working

  • 18 June 2020
  • 5 replies
  • 1714 views

Badge +1

Hi Folks,

We have been getting alerts on memory usage from the Prism Central VM. It seems to be a known issue. So to suppress the alerts from repeatedly generating cases in our internal ticketing system I am working on setting up an automated restart when memory usage gets to 90%.

I’ve written the code to do this (a mix of the Nutanix cmdlets and Rest API calls in PowerShell). It works fine when run under my own account. My account has the ‘User Admin’ role. I should also mention we map roles to AD groups.

However I wish to move the scheduled job to run under the context of a  service account. The service account has been assigned a Custom Role with a single assignment ‘Update VM Power State’

 

 

 

 

I’m added the Role to my Service account user and applied it to the Prism VM (and a Test VM).

 

 

I’m wondering if I need to grant more permissions as I am getting an error

 

Access is denied
Set-NTNXVMPowerState : The remote server returned an error: (403) Forbidden.

5 replies

Userlevel 5
Badge +4

Hey @micmaher001 , can you try adding and selecting the “Update VM” option and then check the same or maybe try selecting “Basic Access” for the VM and then check. 

 

 

Badge +1

Hi Anish,

 

I opened a support case on this. In the end the issue was the service account was a viewer in global Prism Central role mapping whilst also having with the custom role.

This cause a conflict and we needed to remove Viewer to fix this.

 

Userlevel 5
Badge +4

Ahh I see, yes we have seen scenarios where we see such issues due to conflicts on PC global role mapping and PC RBAC(role based access control). Thanks a lot for letting us know about it.:smile:

 

This will help others with similar issues and when they have such Role conflicts on PC.

 

Can you tell me what was the case number for this issue ?

Badge +1

 

:thumbsup: 00812919

 

 

Userlevel 5
Badge +4

Hey @micmaher001 , thanks a lot. :smile:

Reply