Virtual machine privileges

vCenter Server privileges are required for the virtual machines that are associated with a VMware provider. These privileges are included in the vCenter Administrator role.

If the user that is associated with the provider is not assigned to the Administrator role for an inventory object, the user must be assigned to a role that has the following required privileges. Ensure that the privileges are propagated to child objects. For instructions, refer to the VMware documentation about adding a permission to an inventory object.

vCenter Server Object Required Privileges
Alarm
  • Acknowledge alarm
  • Set alarm status
Cryptographic Operations
  • Add disks
  • Direct access
  • Encrypt
  • Encrypt new
  • Manage encryption policies
Datacenter
  • Create datacenter
  • Reconfigure datacenter
Datastore
  • Allocate space
  • Browse datastore
  • Configure datastore
  • Low level file operations
  • Remove file
  • Update virtual machine files
Datastore Cluster
  • Configure a datastore cluster
Distributed switch
  • Create
  • Delete
  • Host operation
  • Modify
  • Move
  • Network I/O Control operation
  • Policy operation
  • Port configuration option
  • Port setting operation
  • VSPAN operation
ESX Agent Manager
  • Config
  • Modify
  • View
Extension
  • Register extension
Folder
  • Create folder
  • Delete folder
  • Move folder
  • Rename folder
Global
  • Cancel task
  • Diagnostics (used for troubleshooting, not required for operations)
  • Disable methods
  • Enable methods
  • Licenses
  • Log event
  • Manage custom attributes
  • Set custom attribute
  • Settings
Host > Configuration
  • Advanced settings
  • Storage partition configuration
Inventory Service > vSphere Tagging
  • Assign or Unassign vSphere Tag
  • Create vSphere Tag
  • Create vSphere Tag Category
  • Modify UsedBy Field for Category
  • Modify UsedBy Field for Tag
Network
  • Assign network
  • Configure
  • Move network
  • Remove
Resource
  • Apply recommendation
  • Assign a vApp to resource pool
  • Assign virtual machine to resource pool
  • Create resource pool
  • Migrate powered off VM
  • Migrate powered on VM
  • Modify resource pool
  • Move resource pool
  • Query vMotion
  • Remove resource pool
  • Rename resource pool
Sessions
  • View and stop sessions
Storage views
  • Configure service
  • View
Tasks
  • Create task
  • Update task
Virtual Machine > Configuration
  • Add existing disk
  • Add new disk
  • Add or remove device
  • Advanced
  • Change CPU count
  • Change resource
  • Configure managedBy
  • Disk change tracking
  • Disk lease
  • Display connection settings
  • Extend virtual disk
  • Host USB device
  • Memory
  • Modify device settings
  • Query Fault Tolerance compatibility
  • Query unowned files
  • Raw device
  • Reload from path
  • Remove disk (detach and remove virtual disk)
  • Rename
  • Reset guest information
  • Set annotation
  • Settings
  • Swapfile placement
  • Unlock virtual machine
  • Upgrade virtual machine compatibility
Virtual Machine > Guest Operations
  • Guest Operation Modifications
  • Guest Operation Program Execution
  • Guest Operation Queries
Virtual Machine > Interaction
  • Answer question
  • Backup operation on virtual machine
  • Configure CD media
  • Configure floppy media
  • Console interaction
  • Create screenshot
  • Defragment all disks
  • Device connection
  • Disable Fault Tolerance
  • Enable Fault Tolerance
  • Guest operating system management by VIX API
  • Inject USB HID scan codes
  • Perform wipe or shrink operations
  • Power Off
  • Power On
  • Record session on VM
  • Replay session on VM
  • Reset
  • Resume Fault Tolerance
  • Suspend
  • Suspend Fault Tolerance
  • Test failover
  • Test restart Secondary VM
  • Turn Off Fault Tolerance
  • Turn On Fault Tolerance
  • VMware Tools install
Virtual Machine > Inventory
  • Create from existing
  • Create new
  • Move
  • Register
  • Remove
  • Unregister
Virtual Machine > Provisioning
  • Allow disk access
  • Allow read-only disk access
  • Allow virtual machine download
  • Allow virtual machine files upload
  • Clone template
  • Clone virtual machine
  • Create template from virtual machine
  • Customize
  • Deploy template
  • Mark as template
  • Mark as virtual machine
  • Modify customization specification
  • Promote disks
  • Read customization specifications
Virtual Machine > Service configuration
  • Allow notifications
  • Allow polling of global event notifications
  • Manage service configurations
  • Modify service configurations
  • Query service configurations
  • Read service configurations
Virtual Machine > Snapshot management
  • Create snapshot
  • Remove snapshot
  • Rename snapshot
  • Revert to snapshot
Virtual Machine > vSphere Replication
  • Configure replication
  • Manage replication
  • Monitor replication
vApp
  • Add VM to vApp
  • Assign resource pool to vApp
  • Assign vApp to another vApp
  • Clone
  • Create
  • Delete
  • Export
  • Import
  • Move
  • Power Off
  • Power On
  • Rename
  • Suspend
  • Unregister
  • View OVF Environment
  • vApp application configuration
  • vApp instance configuration
  • vApp managedBy configuration
  • vApp resource configuration