As a seasoned IT professional, I have been using the vSphere Client Authentication (VCSA) for several years now, and have been happily utilizing the upgraded 6.0 version for some of my environments. However, I have encountered an issue where the web client shows an empty inventory despite having proper permissions. This issue was first brought to my attention by a tweet from Luis Ayuso, who asked if anyone else had experienced this problem.

After investigating the issue, I realized that the web client requires specific configuration for like-for-like access. In my scenario, I have a single VM deployment of the 6.0 VCSA with a simple install of the Platform Services Controller and a SSO Domain configured, and the VCSA connected and configured to a local Active Directory.

To configure the web client for like-for-like access, I added the user to the AD Group that had been granted administrator permissions in the VI Client at the top level. This gave the user full admin rights in the VI Client, but the web client still showed an empty inventory. To resolve this issue, I logged into the web client using the SSO Admin account and headed to Administration -> Users and Groups -> Groups. I selected the Administrators group in the main window, searched the AD Domain for the user account or group, and added it to the membership.

After adding the user to the group, I logged back into the web client with the user account and found that the full inventory was now visible, allowing me to perform tasks on vCenter objects. This solution may not be the best practice for achieving the goal, but it works and should be considered when setting up permission structures for vCenter based on your requirements.

In conclusion, configuring the web client for like-for-like access requires careful attention to the permissions setup in the VI Client and the AD Group membership. By following these steps, you can ensure that your users have the necessary access to perform their tasks effectively, without any limitations or restrictions.