Virtual machine privileges

vCenter Server privileges are required for the virtual machines that are associated with a VMware provider. These privileges are included in the vCenter Administrator role.

If the user that is associated with the provider is not assigned to the Administrator role for an inventory object, the user must be assigned to a role that has the following required privileges. Ensure that the privileges are propagated to child objects. For instructions, refer to the VMware documentation about adding a permission to an inventory object.

vCenter Server Object Required Privileges
Alarm
  • Acknowledge alarm
  • Set alarm status
Cryptographic Operations (6.5 and 6.7)
  • Add disk
  • Direct access
  • Encrypt
  • Encrypt new
  • Manage encryption policies
Datastore
  • Allocate space
  • Browse datastore
  • Low level file operations
  • Remove datastore
  • Remove file
  • Update virtual machine files
Distributed switch
  • Port configuration operation
  • Port setting operation
Folder
  • Create folder
Global
  • Cancel task
  • Manage custom attributes
  • Set custom attribute
Host > Configuration
  • Storage partition configuration

vSphere Tagging (6.5, 6.7, and 7.0)

  • Assign or Unassign vSphere Tag
  • Assign or Unassign vSphere Tag on Object (7.0)
  • Create vSphere Tag
  • Create vSphere Tag Category
  • Modify UsedBy Field for Category
  • Modify UsedBy Field for Tag
Network
  • Assign network
Resource
  • Apply recommendation
  • Assign a vApp to resource pool
  • Assign virtual machine to resource pool
  • Migrate powered off virtual machine
  • Migrate powered on virtual machine
  • Query vMotion
Virtual Machine > Configuration
  • Acquire disk lease (6.7 and 7.0)
  • Add existing disk
  • Add new disk
  • Add or remove device
  • Advanced (6.5)
  • Advanced configuration (6.7 and 7.0)
  • Change CPU count
  • Change memory (6.7 and 7.0)
  • Change settings (6.7 and 7.0)
  • Configure raw device (6.7 and 7.0)
  • Disk change tracking (6.5)
  • Disk lease (6.5)
  • Memory (6.5)
  • Modify device settings
  • Raw device (6.5)
  • Reload from path
  • Remove disk
  • Rename
  • Settings (6.5)
  • Toggle disk change tracking (6.7 and 7.0)
Virtual Machine > Guest Operations
  • Guest Operation Modifications
  • Guest Operation Program Execution
  • Guest Operation Queries
Virtual Machine > Interaction
  • Backup operation on virtual machine
  • Power Off
  • Power On
Virtual Machine > Inventory
  • Register
  • Remove
  • Unregister
Virtual Machine > Provisioning
  • Allow disk access
  • Allow read-only disk access
  • Allow virtual machine download
  • Allow virtual machine files upload
  • Mark as template
  • Mark as virtual machine
Virtual Machine > Snapshot management
  • Create snapshot
  • Remove snapshot
  • Revert snapshot
vApp
  • Add virtual machine
  • Assign resource pool
  • Assign vApp
  • Create
  • Delete
  • Power Off
  • Power On
  • Rename
  • Unregister
  • vApp resource configuration