Hide Forgot
Description of problem: User actions on a VM that log an event with VMware (e.g.: vm_start, vm_stop, vm_destroy) call the VIM API call EventMonitor.LogUserEvent. This API call fails with 'Permission to perform this operation was denied.' [----] E, [2016-09-13T13:53:22.030984 #9274:897998] ERROR -- : MIQ(MiqQueue#m_callback) Message id: [100000000401138]: Handsoap::Fault { :code => 'ServerFault Code', :reason => 'Permission to perform this operation was denied.' } [----] E, [2016-09-13T13:53:22.031084 #9274:897998] ERROR -- : MIQ(MiqQueue#m_callback) backtrace: (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/bundler/gems/ handsoap-4b342ee6124d/lib/handsoap/service.rb:195:in `on_fault' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/bundler/gems/handsoap-4b342ee6124d/lib/handsoap/service.rb:283:in `dispatch' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/bundler/gems/handsoap-4b342ee6124d/lib/handsoap/service.rb:189:in `invoke' (druby://127.0.0.1:35922) /var/www/miq/vmdb/gems/pending/VMwareWebService/VimService.rb:468:in `logUserEvent' (druby://127.0.0.1:35922) /var/www/miq/vmdb/gems/pending/VMwareWebService/MiqVimInventory.rb:1933:in `logUserEvent' (druby://127.0.0.1:35922) /var/www/miq/vmdb/gems/pending/VMwareWebService/MiqVimVm.rb:1210:in `logUserEvent' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1624:in `perform_without_block' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1584:in `perform' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1657:in `block (2 levels) in main_loop' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1653:in `loop' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1653:in `block in main_loop' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/gems/logging-2.1.0/lib/logging/diagnostic_context.rb:450:in `call' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/gems/logging-2.1.0/lib/logging/diagnostic_context.rb:450:in `block in create_with_logging_context' /var/www/miq/vmdb/app/models/manageiq/providers/vmware/infra_manager.rb:448:in `block in invoke_vim_ws' /var/www/miq/vmdb/app/models/mixins/provider_object_mixin.rb:15:in `block in with_provider_object' /var/www/miq/vmdb/app/models/mixins/vim_connect_mixin.rb:36:in `with_provider_connection' /var/www/miq/vmdb/app/models/mixins/provider_object_mixin.rb:12:in `with_provider_object' /var/www/miq/vmdb/app/models/manageiq/providers/vmware/infra_manager.rb:447:in `invoke_vim_ws' /var/www/miq/vmdb/app/models/manageiq/providers/vmware/infra_manager.rb:166:in `vm_start' Version-Release number of selected component (if applicable): 5.6.1.2
I am able to reproduce this error if I do not enable the "Global.LogEvent" privilege for the MIQ user. This privilege is defined as "Allows logging a user-defined event against a particular managed entity." and is specified as required in the CFME documentation here "1.4.2.1. Using a Non-Administrator Account for Host Credentials" Can we confirm that this privilege is given to the user that CFME uses to authenticate to vCenter?
Works when user permissions are configured per CFME documentation.