VMware vSphere Privileges

In IBM® Storage Defender Copy Data Management, the user account that is associated with the provider is not assigned the Administrator role for an inventory object. Instead, the user must be assigned to a role that has, at a minimum, the following privileges. These privileges are propagated to child objects. For more information about adding a permission to an inventory object, refer to the VMware documentation.

In the following list, the bold text indicates the vCenter Server Object, and the indented text with a bullet is the required privilege of that object. Some entries are listed with a version to indicate the vSphere levels to which they apply.

vCenter Server Object Required Privileges
Alarm
  • Acknowledge alarm
  • Set alarm status
Cryptographic Operations (6.5 and 6.7)
  • Add disk
  • Direct access
  • Encrypt
  • Encrypt new
  • Manage encryption policies
Datastore
  • Allocate space
  • Browse datastore
  • Low-level file operations
  • Remove datastore
  • Remove file
  • Update virtual machine files
Distributed switch
  • Port configuration operation
  • Port setting operation
Folder
  • Create folder
Global
  • Cancel task
Host > Configuration
  • Storage partition configuration
Inventory Service > Tagging (6.0)
vSphere Tagging (6.5 and 6.7)
  • Assign or Unassign vSphere Tag
  • Create vSphere Tag
  • Create vSphere Tag Category
  • Modify UsedBy Field for Category
  • Modify UsedBy Field for Tag
Network
  • Assign network
Resource
  • Apply recommendation
  • Assign a vApp to resource pool
  • Assign virtual machine to resource pool
  • Migrate powered off virtual machine
  • Migrate powered on virtual machine
  • Query vMotion
Virtual Machine > Configuration
  • Add existing disk
  • Add new disk
  • Add or remove device
  • Advanced (6.0 and 6.5)
  • Advanced configuration (6.7)
  • Change CPU count
  • Change memory (6.7)
  • Configure raw device (6.7)
  • Disk change tracking (6.0 and 6.5)
  • Memory (6.0 and 6.5)
  • Modify device settings
  • Raw device (6.0 and 6.5)
  • Reload from path
  • Remove disk
  • Rename
  • Settings
  • Toggle disk change tracking (6.7)
Virtual Machine > Guest Operations
  • Guest Operation Modifications
  • Guest Operation Program Execution
  • Guest Operation Queries
Virtual Machine > Interaction
  • Backup operation on virtual machine
  • Power Off
  • Power On
Virtual Machine > Inventory
  • Register
  • Remove
  • Unregister
Virtual Machine > Provisioning
  • Allow read-only disk access
  • Mark as template
  • Mark as virtual machine
Virtual Machine > Snapshot management
  • Create snapshot
  • Remove snapshot
  • Revert snapshot
vApp
  • Add virtual machine
  • Assign resource pool
  • Assign vApp
  • Create
  • Delete
  • Power Off
  • Power On
  • Rename
  • Unregister
  • vApp resource configuration
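
The following is an added example, not part of the IBM documentation: it resolves the version notes used in the list above, such as "(6.0 and 6.5)", into the privilege set for one vSphere version and compares a role against it. The embedded list is an excerpt, and the function names and the sample role are constructed for illustration.

```python
import re

# Excerpt of the list above, as printed (object, privilege). Constructed sample:
# load every entry of the list before relying on the "excess" result.
REQUIRED = [
    ("Alarm", "Acknowledge alarm"),
    ("Alarm", "Set alarm status"),
    ("Cryptographic Operations (6.5 and 6.7)", "Encrypt"),
    ("Virtual Machine > Configuration", "Advanced (6.0 and 6.5)"),
    ("Virtual Machine > Configuration", "Advanced configuration (6.7)"),
    ("Virtual Machine > Configuration", "Disk change tracking (6.0 and 6.5)"),
    ("Virtual Machine > Configuration", "Toggle disk change tracking (6.7)"),
    ("Virtual Machine > Snapshot management", "Create snapshot"),
]

# Trailing version note such as "(6.7)", "(6.0 and 6.5)" or "(6.5, and 6.7)".
_NOTE = re.compile(r"^(.*?)\s*\(([\d.,\sand]+)\)$")

def split_versions(label):
    """Return (name, versions); an empty set means the entry applies to all versions."""
    m = _NOTE.match(label)
    if not m:
        return label, set()
    return m.group(1), set(re.findall(r"\d+\.\d+", m.group(2)))

def required_for(version):
    """Resolve the (object, privilege) pairs that apply to one vSphere version."""
    needed = set()
    for obj, priv in REQUIRED:
        obj_name, obj_vers = split_versions(obj)
        priv_name, priv_vers = split_versions(priv)
        if (obj_vers and version not in obj_vers) or (priv_vers and version not in priv_vers):
            continue
        needed.add((obj_name, priv_name))
    return needed

def audit(role_privs, version):
    """Return (missing, excess) for a role's privileges on the given version."""
    need, have = required_for(version), set(role_privs)
    return sorted(need - have), sorted(have - need)

if __name__ == "__main__":
    role = [("Alarm", "Acknowledge alarm"), ("Host > Inventory", "Remove host")]  # constructed
    missing, excess = audit(role, "6.7")
    print("missing:", missing)
    print("excess:", excess)
```

Missing entries are privileges the role still needs for that version; excess entries are grants beyond the listed minimum and are candidates for removal.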