In previous releases of vCenter Server, datastores and networks inherited access permissions from the datacenter. In vCenter Server 4.0, they have their own set of privileges that control access to them. This might require you to manually assign privileges, depending on the access level you require.

In vCenter 4.0, users are initially granted the No Access role on all new managed objects, including datastores and networks. This means, by default, users cannot view or perform operations on them. All existing objects in vCenter maintain their permissions after the upgrade. To determine whether to assign permissions to existing datastores and networks, the upgrade process uses the datacenter's Read-only privilege.

If the Read-only privilege is nonpropagating (not inherited by child objects), VMware assumes access privileges should not be assigned to datastores and networks. In such cases, you must update your roles to include the new datastore and network privileges desired. This is required for users to view and perform operations on these objects.

If the Read-only privilege is propagating (inherited by child objects), VMware assumes access privileges should be assigned to datastores and networks so users can view them and perform basic operations that require access. In such cases, the default minimum privileges are automatically assigned during the upgrade process.

After the upgrade process, if your roles require users to have additional privileges, for example, the ability to delete a datastore or network, you need to update your permission roles.

The table Datastore and Network Permission Requirements lists the privileges assigned to datastores and networks before and after the upgrade to vCenter 4.0, and the action administrators must take to enable access.

Datastore and Network Permission Requirements

| Object | Before Upgrade Privilege | After Upgrade Privilege | Action Required to Enable Access |
|---|---|---|---|
| Datastore | Nonpropagating Read-only | No Access | Assign access privileges for datastores or datastore folders. |
| Datastore | Propagating Read-only | Allocate Space | None. |
| Network | Nonpropagating Read-only | No Access | Assign access privileges for networks or network folders. |
| Network | Propagating Read-only | Assign Network | None. |

Note

The Read-only propagating permission on a datacenter, as well as all other permissions you have set, will continue to work as expected after the upgrade.
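
A pre-upgrade audit that applies the rule and table above to a permission inventory, so the principals who will land on No Access for datastores and networks are known in advance. This is an added example, not VMware code: the CSV column names, the `ReadOnly` role label and the sample rows are constructed assumptions about how the inventory was exported.

```python
import csv
import io

# Constructed sample export (hypothetical column names): one row per permission.
SAMPLE_EXPORT = """entity_type,entity,principal,role,propagate
Datacenter,DC-East,storage-ops,ReadOnly,true
Datacenter,DC-East,helpdesk,ReadOnly,false
Datacenter,DC-West,helpdesk,ReadOnly,TRUE
Datacenter,DC-West,vm-admins,Admin,true
Folder,Prod-VMs,helpdesk,ReadOnly,false
"""

# Post-upgrade privilege on (datastores, networks), keyed by whether the
# datacenter's Read-only permission propagates, as given in the table.
OUTCOME = {
    True: ("Allocate Space", "Assign Network"),
    False: ("No Access", "No Access"),
}


def audit(export_text):
    """Return one finding per datacenter-level Read-only permission."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Only the datacenter's Read-only permission drives the upgrade
        # decision; other roles and entity types are outside the rule.
        if row["entity_type"] != "Datacenter" or row["role"] != "ReadOnly":
            continue
        propagating = row["propagate"].strip().lower() == "true"
        datastore_priv, network_priv = OUTCOME[propagating]
        findings.append({
            "datacenter": row["entity"],
            "principal": row["principal"],
            "datastore": datastore_priv,
            "network": network_priv,
            "manual_action": not propagating,
        })
    return findings


def manual_work(findings):
    """Sorted (datacenter, principal) pairs that need privileges assigned by hand."""
    return sorted((f["datacenter"], f["principal"])
                  for f in findings if f["manual_action"])


if __name__ == "__main__":
    for dc, who in manual_work(audit(SAMPLE_EXPORT)):
        print(f"{dc}: assign datastore and network privileges for {who}")
```

The same principal can appear in both states across datacenters, as `helpdesk` does in the sample, so the result is keyed per datacenter rather than per user.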