You can create custom vCenter Server roles by using PowerCLI.
Procedure
- Create a text file called CV_role_ids.txt and add the following content:
System.Anonymous System.View System.Read Global.CancelTask Folder.Create Folder.Delete CryptographicOperations.DirectAccess Datastore.Browse Datastore.DeleteFile Datastore.FileManagement Datastore.AllocateSpace Datastore.UpdateVirtualMachineFiles Host.Local.CreateVM Host.Local.ReconfigVM Host.Local.DeleteVM VirtualMachine.Inventory.Create VirtualMachine.Inventory.CreateFromExisting VirtualMachine.Inventory.Register VirtualMachine.Inventory.Delete VirtualMachine.Inventory.Unregister VirtualMachine.Inventory.Move VirtualMachine.Interact.PowerOn VirtualMachine.Interact.PowerOff VirtualMachine.Interact.Suspend VirtualMachine.Config.AddExistingDisk VirtualMachine.Config.AddNewDisk VirtualMachine.Config.RemoveDisk VirtualMachine.Config.AddRemoveDevice VirtualMachine.Config.Settings VirtualMachine.Config.Resource VirtualMachine.Provisioning.Customize VirtualMachine.Provisioning.Clone VirtualMachine.Provisioning.PromoteDisks VirtualMachine.Provisioning.CreateTemplateFromVM VirtualMachine.Provisioning.DeployTemplate VirtualMachine.Provisioning.CloneTemplate VirtualMachine.Provisioning.MarkAsTemplate VirtualMachine.Provisioning.MarkAsVM VirtualMachine.Provisioning.ReadCustSpecs VirtualMachine.Provisioning.ModifyCustSpecs Resource.AssignVMToPool Task.Create Sessions.TerminateSession
- Modify the vCenter Server location in the following PowerShell script and run it:
The CV_role_ids.txt file must be in the same folder as the PowerShell script.
$cvRole = "App Volumes Role" $cvRolePermFile = "CV_role_ids.txt" $viserver = "your-vcenter-server-FQDN" Connect-VIServer -server $viServer $cvRoleIds = @() Get-Content $cvRolePermFile | Foreach-Object{ $cvRoleIds += $_ } New-VIRole -name $cvRole -Privilege (Get-VIPrivilege -Server $viserver -id $cvRoleIds) -Server $viserver Set-VIRole -Role $cvRole -AddPrivilege (Get-VIPrivilege -Server $viserver -id $cvRoleIds) -Server $viserver