If the user that is associated with the provider is not assigned to the Administrator
role for an inventory object, the user must be assigned to a role that has the following required
privileges. Ensure that the privileges are propagated to child objects. For instructions for adding
a permission to an inventory object, see the Add a Permission to an Inventory Object page .
A test feature is available to verify that a user account has the required VMware privileges.
Follow the instructions in Testing a vCenter Server user account for required privileges to view the VMware privileges
that are associated with the user account.
vCenter Server Object |
Required Privileges |
Alarm |
- Acknowledge alarm
- Set alarm status
|
Cryptographic Operations (6.5 and 6.7) |
- Add disk
- Direct access
- Encrypt
- Encrypt new
- Manage encryption policies
|
Datastore |
- Allocate space
- Browse datastore
- Low level file operations
- Remove datastore
- Remove file
- Update virtual machine files
|
Distributed switch |
- Port configuration operation
- Port setting operation
|
Folder |
|
Global |
- Cancel task
- Manage custom attributes
- Set custom attribute
|
Host > Configuration |
- Storage partition configuration
|
vSphere Tagging (6.5, 6.7, and 7.0)
|
- Assign or Unassign vSphere Tag
- Assign or Unassign vSphere Tag on Object (7.0)
- Create vSphere Tag
- Create vSphere Tag Category
- Modify UsedBy Field for Category
- Modify UsedBy Field for Tag
|
Network |
|
Resource |
- Apply recommendation
- Assign a vApp to resource pool
- Assign virtual machine to resource pool
- Migrate powered off virtual machine
- Migrate powered on virtual machine
- Query vMotion
|
Virtual Machine > Configuration |
- Acquire disk lease (6.7 and 7.0)
- Add existing disk
- Add new disk
- Add or remove device
- Advanced (6.5)
- Advanced configuration (6.7 and 7.0)
- Change CPU count
- Change memory (6.7 and 7.0)
- Change settings (6.7 and 7.0)
- Configure raw device (6.7 and 7.0)
- Disk change tracking (6.5)
- Disk lease (6.5)
- Memory (6.5)
- Modify device settings
- Raw device (6.5)
- Reload from path
- Remove disk
- Rename
- Settings (6.5)
- Toggle disk change tracking (6.7 and 7.0)
|
Virtual Machine > Guest Operations |
- Guest Operation Modifications
- Guest Operation Program Execution
- Guest Operation Queries
|
Virtual Machine > Interaction |
- Backup operation on virtual machine
- Power Off
- Power On
|
Virtual Machine > Inventory |
- Register
- Remove
- Unregister
|
Virtual Machine > Provisioning |
- Allow disk access
- Allow read-only disk access
- Allow virtual machine download
- Allow virtual machine files upload
- Mark as template
- Mark as virtual machine
|
Virtual Machine > Snapshot management |
- Create snapshot
- Remove snapshot
- Revert snapshot
|
vApp |
- Add virtual machine
- Assign resource pool
- Assign vApp
- Create
- Delete
- Power Off
- Power On
- Rename
- Unregister
- vApp resource configuration
|