hi,
I created a vCenter role that can remove datastores. Then, at the root of vCenter, I added a permission for an AD user and coupled it to this role, and it propagates.
When I run my script I get this error:
Datastore NFS_Sata_02_GX_BACKUP_15358_2 inaccessible, removing
SOAP Fault:
-
Fault string: Permission to perform this operation was denied.
Fault detail: NoPermissionFault
This is my code:
====================begin script ==============================================
#!/usr/bin/env perl
# Disable SSL hostname verification for vCenter self-signed certificate
BEGIN {
# Runs at compile time, so the variable is set before the `use` lines below
# load the SDK modules.
# NOTE(review): with hostname verification off, the client no longer checks
# that the certificate presented belongs to the server it was asked to reach,
# so the session opened later by Util::connect() is exposed to interception.
# Safer: leave verification on and trust the vCenter CA instead (LWP honours
# PERL_LWP_SSL_CA_FILE / PERL_LWP_SSL_CA_PATH) — confirm against the SDK
# version in use.
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
}
use strict;
use warnings;
use VMware::VIRuntime;
use VMware::VILib;
use VMware::VIExt;
# NOTE(review): this statement looks truncated by the paste (presumably a
# signal/die handler of the form $SIG{...} = sub { ... }); as written it does
# not compile. Restore it from the original script before running.
$SIG = sub ;
# Script-specific command-line options, registered with the SDK's Opts module.
my %opts = (
    vihost => {
        alias    => 'h',
        type     => '=s',
        help     => 'The host to use when connecting via a vCenter Server',
        required => 0,
    },

    # Report-only mode: nothing is changed on the hosts.
    list => {
        alias    => 'l',
        type     => '',
        help     => 'List the currently inaccessible NAS file systems',
        required => 0,
    },

    # Destructive mode: each inaccessible NAS datastore is also removed.
    list_and_remove => {
        alias    => 'r',
        type     => '',
        help     => 'List and remove the currently inaccessible NAS file systems',
        required => 0,
    },
);

Opts::add_options(%opts);
Opts::parse();
Opts::validate();

# Both switches are optional; either may be undefined after parsing.
my $list            = Opts::get_option('list');
my $list_and_remove = Opts::get_option('list_and_remove');

# Open the session; everything below acts with this session's permissions.
Util::connect();
# Fetch a view of every HostSystem the connected session can see.
my $esxhost_view = Vim::find_entity_views(
view_type => 'HostSystem',
);
# Walk the hosts in name order and apply the selected action to each one.
# With --list_and_remove this means RemoveDatastore is attempted on every host
# returned above, not on a single named host.
for my $host ( sort { $a->name cmp $b->name } @$esxhost_view ) {
print $host->name, "\n";
# set this variable to get the host view correctly per esx host
Opts::set_option( 'vihost', $host->name );
# we need only the datastore info of every esx host
# NOTE(review): the right-hand side of the next assignment is missing from the
# paste (presumably a host-view lookup restricted to
# 'configManager.datastoreSystem'); as shown, the assignment runs straight into
# the assert_usage call and does not compile under strict. Restore the original.
my $host_view =
Opts::assert_usage( defined($host_view), "Invalid host." );
# Resolve the host's datastore system, which both actions operate on.
my $datastore_system =
Vim::get_view( mo_ref => $host_view->{'configManager.datastoreSystem'} );
if ( defined $list ) {
# Report-only path.
list_nas($datastore_system);
}
elsif ( defined $list_and_remove ) {
# Destructive path: removes each inaccessible NAS datastore from this host.
remove_ghost_nas( $datastore_system) ;
}
else {
# NOTE(review): the mode check sits inside the loop, so with neither switch
# given the script exits after the first host and never reaches
# Util::disconnect() below.
Opts::usage();
exit 1;
}
}
Util::disconnect();
# Print the name of every NAS datastore that the given host datastore system
# reports as not accessible. Read-only: nothing is removed.
sub list_nas {
    my ($dssys) = @_;

    my $ds_refs = $dssys->datastore;
    for my $ds_ref (@$ds_refs) {
        my $view = Vim::get_view( mo_ref => $ds_ref );

        # Only NAS-backed datastores are considered.
        next unless $view->info->isa("NasDatastoreInfo");

        # Accessible datastores are left out of the report.
        next if $view->summary->accessible == 1;

        print $view->info->name, " inaccessible\n";
    }
}
# Remove every NAS datastore that the given host datastore system reports as
# not accessible, printing each name just before the removal call.
#
# NOTE(review): the vSphere API reference lists Host.Config.Storage as the
# privilege for HostDatastoreSystem.RemoveDatastore — confirm the role grants
# it on the host objects; a role holding only datastore-level privileges would
# be consistent with a NoPermissionFault here.
# NOTE(review): accessibility is read once from the summary and there is no
# confirmation step, so a datastore that is only briefly unreachable is
# removed as well; review the --list output before using the remove switch.
sub remove_ghost_nas {
    my ($dssys) = @_;

    my $ds_refs = $dssys->datastore;
    for my $ds_ref (@$ds_refs) {
        my $view = Vim::get_view( mo_ref => $ds_ref );

        # Only NAS-backed datastores are candidates for removal.
        next unless $view->info->isa("NasDatastoreInfo");

        # Accessible datastores are never touched.
        next if $view->summary->accessible == 1;

        print $view->info->name, " inaccessible, removing\n";
        $dssys->RemoveDatastore( datastore => $ds_ref );
    }
}
=====================end script ====================================
If I run it with the --list switch it's ok:
perl rm-esx-inaccessible-nasdatastores --list
esx1.domain.tld
esx2.domain.tld
.....
esx222.domain.tld
Datastore NFS_Sata_02_GX_BACKUP_15358_2 inaccessible
Datastore NFS_Sata_04_GX_BACKUP_15361_2 inaccessible
esx333.domain.tld
Datastore NFS_Sata_01_GX_BACKUP_15359_2 inaccessible
esxxxx.domain.tld
esxxxx.domain.tld
Datastore NFS_TEMP_GX_BACKUP_15357_2 inaccessible
Is it possible to use a vCenter role to remove datastores, or do I have to create local roles and local users?