Adding Storage Connection using vCenter user in SCV fails with 500 internal error
Applies to
- SnapCenter Plug-in for VMware (SCV) 4.3 and higher
- Limited object rights vCenter user
Issue
When not using a full vCenter Administrator, but a vCenter user with a one cluster limitations, and only some data stores and/or VMs, trying to add a storage connection in the SCV plug-in section, can cause the following error in the vCenter GUI:
HTTP 500 Internal error
This shows in the vmcontrol log of SCV:
DEBUG --- [qtp474675244-12] .a.p.VSphere5PrivilegeValidationStrategy : CurrentSession: com.vmware.vijava.vim25.UserSession@1eecaa37
DEBUG --- [qtp474675244-12] .a.p.VSphere5PrivilegeValidationStrategy : Key: 524fb012-17d0-084f-5cbd-e1fdb6aa23e6
DEBUG --- [qtp474675244-12] .a.p.VSphere5PrivilegeValidationStrategy : managedEntity.getMOR().getVal() group-d1
DEBUG --- [qtp474675244-12] .a.p.VSphere5PrivilegeValidationStrategy : sessionId 524fb012-17d0-084f-5cbd-e1fdb6aa23e6
DEBUG --- [qtp474675244-12] .a.p.VSphere5PrivilegeValidationStrategy : privilegeIds netappSCV.Configure.ConfigureStorageSystems.AddUpdate
ERROR --- [qtp474675244-12] .a.p.VSphere5PrivilegeValidationStrategy : null
com.vmware.vijava.vim25.NoPermission
at sun.reflect.GeneratedConstructorAccessor379.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at com.vmware.vijava.vim25.ws.XmlGenDom.fromXml(XmlGenDom.java:222)
at com.vmware.vijava.vim25.ws.XmlGenDom.parseSoapFault(XmlGenDom.java:146)
at com.vmware.vijava.vim25.ws.XmlGenDom.fromXML(XmlGenDom.java:92)
at com.vmware.vijava.vim25.ws.WSClient.invoke(WSClient.java:93)
at com.vmware.vijava.vim25.ws.VimStub.hasPrivilegeOnEntity(VimStub.java:204)
at com.vmware.vijava.vim25.mo.AuthorizationManager.HasPrivilegeOnEntity(AuthorizationManager.java:79)
at com.netapp.aegis.privilege.VSphere5PrivilegeValidationStrategy.hasPrivileges(VSphere5PrivilegeValidationStrategy.java:71)
at com.netapp.aegis.privilege.AbstractVSpherePrivilegeValidator.hasPrivileges(AbstractVSpherePrivilegeValidator.java:67)
at com.netapp.aegis.privilege.PrivilegeValidationServiceImpl.hasPrivilegeOnEntities(PrivilegeValidationServiceImpl.java:137)
at com.netapp.aegis.privilege.AegisPrivilegeValidator.hasPrivileges(AegisPrivilegeValidator.java:437)
at com.netapp.aegis.server.AegisApiServiceImpl.hasPrivilegeCheckOnRootFolder(AegisApiServiceImpl.java:1983)
at com.netapp.aegis.restapi.BackupRecoveryApiServiceImpl.hasPrivilegeCheckOnRootFolder(BackupRecoveryApiServiceImpl.java:1364)