If you need to allow a specific user or group the permission to change the connected network on a virtual machine in vSphere, then permissions have to be given in a couple of places. This provides very granular control about the machines and the networks that a person can use, however may not be totally apparent when you are trying to get it working (it wasn’t apparent to me until I thought about the problem for a while).
Two distinct permissions are required:
Against the Virtual Machine that they want to edit
- Virtual Machine –> Configuration –> Modify Device Settings
- Virtual Machine –> Configuration –> Settings
Against the Network objects that they can assign
- Network –> Assign Network
If the user or group in question does not have the Assign Network permission applied to the network object, then the object does not appear in the list of networks selectable. If there are no networks that the user has the Assign Network permission on, then the option to change the network assigned to a VM will not be available to that user.
