We have recently upgraded our vCenter from 6.0 to 6.7, build 11727113. After the upgrade, we have experienced what seems to be a bug regarding assigning privileges to objects like VMs, or folders on vCenter.
My user is a part of a group 'Administrators', which has global Administrator Permissions.
The problem I am experiencing right after the upgrade is when I try to add permissions to a local vCenter user using my administrator account, I get the following error:
"The requested change cannot be completed because it could leave the system without full administrative privileges for a user or group."
After doing a bit of googling I stabled on this only post that addresses the error: VMware Knowledge Base
From what it seems like, it has nothing to do with the issue I have, since I am not trying to do anything with users that have global Permissions, I am just trying to give some permissions to the newly created user on vCenter. This makes infrastructure virtually unusable, and the only right way I see it to just reinstall vCenter(which will require downtime, that I would really like to avoid) which might not even solve the issue.
My colleague has recently tried to reproduce the issue with the same vCenter, and he didn't have the same issue. So the issue might be exactly during the upgrade process and not fresh install
What we found different, is that global permissions on our infrastructure currently look something like this:
Image may be NSFW.
Clik here to view.
And this is what fresh install looks like:
Image may be NSFW.
Clik here to view.
We have used Migrate to the vCenter Server Appliance - VMware vSphere Blog to migrate
