vCenter 7 Tags issue

Hi folks,

we recently update our environment to vsphere 7 for a small part of our infra, we made a greenfield deployment and migrate host to the new vcenter. Today our level 2 reports us that they cannot apply or modify tags into vms.

After review permissions they have the assign/unassign tag at global level, but they cannot apply it, we even upgrade his role to admin and they continue with the error. Also we note that if we went to tag permissions it doesn’t show nothing



Digging a little bit more we discover that only those in the default administrators group can create, delete or assign tag and categories. This also happen via powercli so it’s not a issue related with webclient.

Tomorrow we will open a SR with VMware, but I want to ask if anyone with a lab with vSphere 7 could check if he can review tags permissions to help us in the troubleshooting.

Best regards

View Reddit by desertspotterView Source

Related Articles


  1. The majority of oddball “I have this role/right but I cannot do XYZ” issues that I encounter are users with multiple security groups being applied. It happens in my environment when roles I use for vcenter permissions are nested into other groups.

  2. In 7.0 I just created a user called tagger, created a group called Taggers and added tagger, created a role called Taggers (which only has the permissions to manage tags, nothing else), assigned permissions to group Taggers at the vCenter level with only the Taggers role, logged in as the tagger user, and was able to create and apply tags as well as manage tag categories.

    Definitely something we test in QA BTW. Sounds like you’ve got something else going on – call to GSS is probably quickest resolution – good luck. `Disclaimer, I work for VMware`

Leave a Reply

Your email address will not be published. Required fields are marked *