vROPS RBAC and upgrades

Last week I was at a customer doing some vROPS magic, which included updating the current vROPS 6.4 cluster to 6.5 to get the improved vRLI integration. Upgrading both vRLI and vROPS clusters went perfect, but the vRLI integration items like the Log Insight icon, and Logs tab would not be visible in vROPS after the configuration.

We followed the configuration steps as described in the documentation and verified all the configuration steps. After verifying all the configuration steps and coming to the conclusion that the configuration is correct, we tried logging in with the default admin credentials instead of the customer Active Directory credentials. With the admin account, the Log Insight icon and Logs tab were visible!

When upgrading vROPS to a version with new features, these new features get new privileges to be assigned. When using the default roles, these privileges get assigned automatically to the applicable roles, like for instance the administrator role. But if you create a new role, by cloning are just creating a new, these privileges need to be assigned manually.

After assigning the new privileges to the created role, the Log Insight page and Logs tab were finally visible for the customer account.

TLDR; When upgrading vROPS to a higher version with new features, make sure to check the privileges for these new features on roles. User created roles do not automatically receive newly added privileges.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: