By default, users can work with persistent storage Enterprise administrators can manage persistent volumes, which are VM templates containing persistent volumes as the primary disklocated on external storage. When the user undeploys or detaches a volume, the data is intact and the user can attach the volume to another VM. This feature requires external storage volumes.Users a public cloud provider that supports volumes, such as AWS or Azure.
Default access to volumes feature
By default enterprise administrators can access this feature on the Persistent VM tab in Virtual datacenters → open a virtual appliance → Virtual machines, or Volumes tab in Virtual datacenters or through the API.
The Persistent VM tab displays beside the Templates tab.
From this tab the user can also create new persistent templates.
...
And the user can add volumes to a VM by editing the VM on the Storage tab and dragging available volumes into the Storage list. Note that the Volumes heading will continue to display even after the privilege is removed.
...
Control access to volumes feature
It is easy to remove access to this feature by removing a couple of privileges that are present in the default user enterprise administrator role.
To disable the display of the Persistent VM Volumes tab so that the user cannot create persistent VMs by dragging and dropping persistent templates.
- Remove the "Access persistent templates view" privilege from the user role
To prevent the user from creating persistent templates, using the + button in on the Persistent VM tab or through the API:
...
manage persistent volumes.
Remove the
Manage virtual storage elementsprivilege from the enterprise administrator role