Virtual machine privileges

If the user that is associated with the provider is not assigned to the Administrator role for an inventory object, the user must be assigned to a role that has the following required privileges. Ensure that the privileges are propagated to child objects. For instructions for adding a permission to an inventory object, see the Add a Permission to an Inventory Object page .

A test feature is available to verify that a user account has the required VMware privileges. Follow the instructions in Testing a vCenter Server user account for required privileges to view the VMware privileges that are associated with the user account.

vCenter Server Object Required Privileges
Alarm
  • Acknowledge alarm
  • Set alarm status
Cryptographic Operations (6.5 and 6.7)
  • Add disk
  • Direct access
  • Encrypt
  • Encrypt new
  • Manage encryption policies
Datastore
  • Allocate space
  • Browse datastore
  • Low level file operations
  • Remove datastore
  • Remove file
  • Update virtual machine files
Distributed switch
  • Port configuration operation
  • Port setting operation
Folder
  • Create folder
Global
  • Cancel task
  • Manage custom attributes
  • Set custom attribute
Host > Configuration
  • Storage partition configuration

vSphere Tagging (6.5, 6.7, and 7.0)
  • Assign or Unassign vSphere Tag
  • Assign or Unassign vSphere Tag on Object (7.0)
  • Create vSphere Tag
  • Create vSphere Tag Category
  • Modify UsedBy Field for Category
  • Modify UsedBy Field for Tag
Network
  • Assign network
Resource
  • Apply recommendation
  • Assign a vApp to resource pool
  • Assign virtual machine to resource pool
  • Migrate powered off virtual machine
  • Migrate powered on virtual machine
  • Query vMotion
Virtual Machine > Configuration
  • Acquire disk lease (6.7 and 7.0)
  • Add existing disk
  • Add new disk
  • Add or remove device
  • Advanced (6.5)
  • Advanced configuration (6.7 and 7.0)
  • Change CPU count
  • Change memory (6.7 and 7.0)
  • Change settings (6.7 and 7.0)
  • Configure raw device (6.7 and 7.0)
  • Disk change tracking (6.5)
  • Disk lease (6.5)
  • Memory (6.5)
  • Modify device settings
  • Raw device (6.5)
  • Reload from path
  • Remove disk
  • Rename
  • Settings (6.5)
  • Toggle disk change tracking (6.7 and 7.0)
Virtual Machine > Guest Operations
  • Guest Operation Modifications
  • Guest Operation Program Execution
  • Guest Operation Queries
Virtual Machine > Interaction
  • Backup operation on virtual machine
  • Power Off
  • Power On
Virtual Machine > Inventory
  • Register
  • Remove
  • Unregister
Virtual Machine > Provisioning
  • Allow disk access
  • Allow read-only disk access
  • Allow virtual machine download
  • Allow virtual machine files upload
  • Mark as template
  • Mark as virtual machine
Virtual Machine > Snapshot management
  • Create snapshot
  • Remove snapshot
  • Revert snapshot
vApp
  • Add virtual machine
  • Assign resource pool
  • Assign vApp
  • Create
  • Delete
  • Power Off
  • Power On
  • Rename
  • Unregister
  • vApp resource configuration