vCenter Server privileges are required for the virtual machines that are associated with
a VMware provider. These privileges are included in the vCenter Administrator role.
If the user that is associated with the provider is not assigned to the Administrator role for an
inventory object, the user must be assigned to a role that has the following required privileges.
Ensure that the privileges are propagated to child objects. For instructions, refer to the VMware
documentation about adding a permission to an inventory object.
| vCenter Server Object |
Required Privileges |
| Alarm |
- Acknowledge alarm
- Set alarm status
|
| Cryptographic Operations (6.5 and 6.7) |
- Add disk
- Direct access
- Encrypt
- Encrypt new
- Manage encryption policies
|
| Datastore |
- Allocate space
- Browse datastore
- Low level file operations
- Remove datastore
- Remove file
- Update virtual machine files
|
| Distributed switch |
- Port configuration operation
- Port setting operation
|
| Folder |
|
| Global |
- Cancel task
- Manage custom attributes
- Set custom attribute
|
| Host > Configuration |
- Storage partition configuration
|
|
vSphere Tagging (6.5, 6.7, and 7.0)
|
- Assign or Unassign vSphere Tag
- Assign or Unassign vSphere Tag on Object (7.0)
- Create vSphere Tag
- Create vSphere Tag Category
- Modify UsedBy Field for Category
- Modify UsedBy Field for Tag
|
| Network |
|
| Resource |
- Apply recommendation
- Assign a vApp to resource pool
- Assign virtual machine to resource pool
- Migrate powered off virtual machine
- Migrate powered on virtual machine
- Query vMotion
|
| Virtual Machine > Configuration |
- Acquire disk lease (6.7 and 7.0)
- Add existing disk
- Add new disk
- Add or remove device
- Advanced (6.5)
- Advanced configuration (6.7 and 7.0)
- Change CPU count
- Change memory (6.7 and 7.0)
- Change settings (6.7 and 7.0)
- Configure raw device (6.7 and 7.0)
- Disk change tracking (6.5)
- Disk lease (6.5)
- Memory (6.5)
- Modify device settings
- Raw device (6.5)
- Reload from path
- Remove disk
- Rename
- Settings (6.5)
- Toggle disk change tracking (6.7 and 7.0)
|
| Virtual Machine > Guest Operations |
- Guest Operation Modifications
- Guest Operation Program Execution
- Guest Operation Queries
|
| Virtual Machine > Interaction |
- Backup operation on virtual machine
- Power Off
- Power On
|
| Virtual Machine > Inventory |
- Register
- Remove
- Unregister
|
| Virtual Machine > Provisioning |
- Allow disk access
- Allow read-only disk access
- Allow virtual machine download
- Allow virtual machine files upload
- Mark as template
- Mark as virtual machine
|
| Virtual Machine > Snapshot management |
- Create snapshot
- Remove snapshot
- Revert snapshot
|
| vApp |
- Add virtual machine
- Assign resource pool
- Assign vApp
- Create
- Delete
- Power Off
- Power On
- Rename
- Unregister
- vApp resource configuration
|