You must change Read-only nonpropagating datastore permissions to propagating datastore permissions in order for users to access the datastores. You can assign datastore permissions on datastores or folders containing datastores.

Before performing the upgrade procedure, determine which users need access to each datastore and which privileges each user needs. If necessary, define new datastore roles or modify the Database Consumer sample role. This sample role assigns the Allocate Space privilege to the datastore, which enables users to perform basic virtual machine operations, such as creating clones and taking snapshots. In addition, organize your datastores in folders that coincide with users' access needs.


The Read-only propagating permission on a datacenter, in addition to all permissions you have set, will be kept intact after the datastore permissions upgrade.


Log in to vSphere Client as an administrator.


On the Home page, click Datastores to display the datastores in the inventory.


Select the datastore or datastore folder and click the Permissions tab.


Right-click in the Permissions tab and from the context pop-up menu, choose Add Permission.


In the Assigned Role pane, assign a role.

To assign specific datastore privileges defined in a role by your company, choose the custom role.

To migrate read-only nonpropagating datacenter permissions to propagating datastore permissions, choose Datastore Consumer (sample). This role assigns the Allocate Space privilege to users, which is required so that users can consume space on the datastores on which this role is granted. In order to perform a space-consuming operation, such as creating a virtual disk or taking a snapshot, the user must also have the appropriate virtual machine privileges granted for these operations.

To assign Read-only datastore privileges, choose Read-only.

This role enables users to browse the datastore without giving them other datastore privileges. For example, choose Read-only for users who need to attach CD/DVD-ROM ISO images to a datastore.


Select Propagate to Child Objects.


In the Users and Groups pane, click Add.


Select the users and groups for whom to add the role.

To select multiple names, control-click each additional name.


Click OK.

All users are added to the Users and Groups list for this role.


Click OK.

The datastore is saved with the new permissions.


You need to set up permissions for new datastores that you create. By default, new datastores are created under the datacenter folder in the inventory. You can move it into a datastore folder, as appropriate.