Hi Guys,

We've started moving some of our lab VMs from VMware to a Hyper-V cluster managed through SCVMM. We're running 2012 R2.

In VMware we have a role defined that allows members of a specific AD group to complete only the below tasks on ALL VMs:

- View Console

- Reboot

- Shut Down/Power On

- Reset

- Create and remove Snapshots (CheckPoints)

I don't see a logical way to define this kind of access in SCVMM. My only options seem to be a Read Only role and then Tenant or Application Admin which give more rights and then you are required to specify every VM or network you want the user to be able to manage. This doesn't work as our lab is fairly fluid (new VMs are added, VMs are deleted). I don't want to have to go through this wizard every time I add a VM.

Any suggestions?

~ Shaun

• Moved by BrianEhMVP, Moderator 16 hours 44 minutes ago

You can create your own groups.

There are two levels to SCVMM

• there is fabric management - this is accessing and managing against host groups.  This gives hypervisor access.
• there is compute exposed to end consumer - this is accessing and managing against clouds. This gives only VM access.

If your users don't need to configure the hosts directly, then they should only be using Clouds and that paradigm to access VM resources.

Maybe this can help you

https://buildwindows.wordpress.com/2015/03/02/virtual-machine-manager-granular-persmissions-with-clouds-and-user-roles/

Hi Samir,

If I go through that process, pick the cloud, but don't select all the VMs. The users login and see no VMs in the cloud.

So it still seems like every time I add a VM I will have to go an edit the User Role or share it with the user role? If this is true I guess i'll just have to live with it; seems odd that you can't just assign a user role to all VMs in a cloud though.

• Edited by Shaun Rockett 14 hours 35 minutes ago