WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud
  • Tanzu
    • Application Modernization
    • Tanzu services
    • Tanzu Community Edition
    • Tanzu Kubernetes Grid
    • vSphere with Tanzu
  • Home Lab
  • Nested Virtualization
  • Apple
You are here: Home / VMware Tanzu / Quick Tip - vSphere Permission to view vSphere with Tanzu Namespaces

Quick Tip - vSphere Permission to view vSphere with Tanzu Namespaces

07.06.2021 by William Lam // 6 Comments

If you wish to create a custom vSphere Role that has the ability to view vSphere Namespaces which is part of vSphere with Tanzu, you will need to add the user to the following vSphere Single Sign-On Group: ServiceProviderUsers, which is located under Single Sign On->Users and Groups->Groups (2nd page) within the vSphere UI.


Once added, you can logout and log back in and the user should now see the vSphere Namespaces as shown in the screenshot below. In my example, I have a user named william which is created in the default vsphere.local domain and has been assigned the user the vSphere Read Only role along with this additional SSO group. They will be able to view all resources but will not have permission to make any changes to the infrastructure. If you are using Active Directory, the exact same process works and just make sure you log out and log back in for the changes to take effect.

More from my site

  • vSphere with Tanzu using Intel Arc GPU
  • Automated enablement of vSphere with Tanzu using vSphere Zones in vSphere 8
  • Demo of VMware Cloud Consumption Interface (CCI)
  • Beta for VMware Cloud Consumption Interface (CCI) formally Project Cascade
  • Quick Tip - Correctly naming TKR's in Local Content Library for vSphere with Tanzu in vSphere 8

Categories // VMware Tanzu, vSphere 7.0 Tags // permission, vSphere with Tanzu

Comments

  1. Daniel says

    07/14/2021 at 8:12 am

    Is this limited to vsphere.local accounts only? This works for me with a local account but if I use an account from an AD/ldap domain, I don't see the UI tree from the Namespace resource downward. I can, however, browse these objects via the Namespace tab on the tanzu enabled cluster.

    Reply
    • Andras says

      07/19/2021 at 9:23 am

      Same issue here, with AD account it is not enough it seems.

      Reply
      • William Lam says

        07/19/2021 at 2:08 pm

        It looks like this has been asked in a few places and the answer is no, this is NOT limited to just vSphere SSO Domain. This also works for Active Directory and I had just confirmed this after setting up IWA for my VCSA and followed the exact same instructions as noted above. Make sure you log out and log back in

        Reply
        • Andras says

          07/19/2021 at 11:05 pm

          Thanks William!:) At my side it is working now with an AD user. It looks like it took a while, however I did logout-login already few times.

          Reply
  2. Dodd Pfeffer says

    02/16/2022 at 1:49 pm

    This is partially working for me. I am suspicious that something has changed in the past several months. I've tried on 7u2d and 7u3. I can see the namespaces in the inventory view but there are issues viewing content libraries. I receive an error message in the VM Service tile saying that the content library has been removed. Perhaps there is an additional privilege required now?

    Reply
    • William Lam says

      02/18/2022 at 8:43 am

      Visibility to a Content Library requires vSphere Global Permission

      Reply

Thanks for the comment! Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)

Connect

  • Email
  • GitHub
  • LinkedIn
  • RSS
  • Twitter
  • Vimeo

Recent

  • vSphere with Tanzu using Intel Arc GPU 01/26/2023
  • Quick Tip - Automating allowed and not allowed Datastores for use with vSphere Cluster Services (vCLS) 01/25/2023
  • ESXi with Intel Arc 750 / 770 GPU 01/24/2023
  • How to bootstrap vSAN Express Storage Architecture (ESA) on unsupported hardware? 01/19/2023
  • Automating Virtual Machine screenshots in vSphere 01/18/2023

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2023

 

Loading Comments...