vmware probe discovers vm's that the user has no access to

Document ID : KB000093067
Last Modified Date : 01/05/2018
Show Technical Document Details
Issue:
We do not want all the VM's in the VCenter discovered by the VMWare probe.
To achieve this a folder was created in VCenter where the user defined in the probe has no access and the VM's that we do not want discovered are placed in this folder.
This works partially as the VM's are not seen in the VMWare probe config but they are still discovered and populated in USM
Environment:
UIM 8.51 +
VMWare probe all versions
Cause:
  • Even though the user has no access to the folder it can still see the vm's in the datastore.
  • This is seen in the VMWare Managed Object Browser (MOB)
    • On a computer that can access the sphere web client please browse to 
      • http://servername/mob 
      • login as the user configured in the probe 
      • now browse as follows 
        • Content (content) - rootFolder (group-d1) - childEntity (datacenter-xx) - datastore (datastore-xx) 
      • scroll down and you will see all the VM's this user has access to in the datastore 
Resolution:
  • Create a resource pool in VCenter and add the VM's to it
  • Define the No Access Permission on this Resource Pool for the probe user
With this in effect the user cannot see the VM's in MOB and they are not discovered by the VMWare probe