You can create custom vCenter Server roles by using PowerCLI.
CryptographicOperations.DirectAccess is required only when the virtual machine's storage has encryption policies.
Prerequisites
- Ensure that PowerCLI is installed on the virtual machine.
- Ensure that the PowerShell script is run in the PowerCLI console.
Procedure
- Create a text file called CV_role_ids.txt and add the following content:
System.Anonymous
System.View
System.Read
Global.CancelTask
Folder.Create
Folder.Delete
CryptographicOperations.DirectAccess
Datastore.Browse
Datastore.DeleteFile
Datastore.FileManagement
Datastore.AllocateSpace
Datastore.UpdateVirtualMachineFiles
Host.Local.CreateVM
Host.Local.ReconfigVM
Host.Local.DeleteVM
VirtualMachine.Inventory.Create
VirtualMachine.Inventory.CreateFromExisting
VirtualMachine.Inventory.Register
VirtualMachine.Inventory.Delete
VirtualMachine.Inventory.Unregister
VirtualMachine.Inventory.Move
VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.PowerOff
VirtualMachine.Interact.Suspend
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.RemoveDisk
VirtualMachine.Config.AddRemoveDevice
VirtualMachine.Config.Settings
VirtualMachine.Config.Resource
VirtualMachine.Provisioning.Customize
VirtualMachine.Provisioning.Clone
VirtualMachine.Provisioning.PromoteDisks
VirtualMachine.Provisioning.CreateTemplateFromVM
VirtualMachine.Provisioning.DeployTemplate
VirtualMachine.Provisioning.CloneTemplate
VirtualMachine.Provisioning.MarkAsTemplate
VirtualMachine.Provisioning.MarkAsVM
VirtualMachine.Provisioning.ReadCustSpecs
VirtualMachine.Provisioning.ModifyCustSpecs
Resource.AssignVMToPool
Task.Create
Sessions.TerminateSession
- Modify the vCenter Server location in the following PowerShell script and run it:
The CV_role_ids.txt file must be in the same folder as the PowerShell script.
# Replace both placeholders before running the script.
$cvRole = "<name_of_the_custom_vCenter_Server_Role>"
$cvRolePermFile = "CV_role_ids.txt"
$viserver = "<vCenter_hostname>"
Connect-VIServer -Server $viserver
# Read one privilege ID per line, skipping blank lines.
$cvRoleIds = @()
Get-Content $cvRolePermFile | ForEach-Object {
    if ($_.Trim()) { $cvRoleIds += $_.Trim() }
}
# Create the role with the listed privileges.
New-VIRole -Name $cvRole -Privilege (Get-VIPrivilege -Server $viserver -Id $cvRoleIds) -Server $viserver
# Add the listed privileges to the role.
Set-VIRole -Role $cvRole -AddPrivilege (Get-VIPrivilege -Server $viserver -Id $cvRoleIds) -Server $viserver
Disconnect-VIServer -Server $viserver -Confirm:$false
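
To confirm that the role carries exactly the privileges listed in CV_role_ids.txt and nothing more, the role can be compared against the file. The following is an added example, not part of the original script; the helper name Compare-RolePrivilege is hypothetical, and the sample privilege lists are constructed so that the block runs without a vCenter Server connection.

```powershell
# Added example: audit a role's privileges against CV_role_ids.txt.
# Compare-RolePrivilege is a hypothetical helper, not a PowerCLI cmdlet.
function Compare-RolePrivilege {
    param(
        [string[]]$Expected,   # privilege IDs read from the text file
        [string[]]$Actual      # privilege IDs currently assigned to the role
    )
    # Trim whitespace, drop blank entries, and de-duplicate.
    $normalize = {
        param($ids)
        @(foreach ($id in $ids) { if ($id -and $id.Trim()) { $id.Trim() } }) |
            Sort-Object -Unique
    }
    $exp = @(& $normalize $Expected)
    $act = @(& $normalize $Actual)

    [pscustomobject]@{
        Missing = @($exp | Where-Object { $act -notcontains $_ })  # in file, not on role
        Extra   = @($act | Where-Object { $exp -notcontains $_ })  # on role, not in file
    }
}

# Constructed sample data: a role that has drifted from the file.
$fileIds = @('System.Anonymous', 'System.View', 'System.Read',
             'Datastore.Browse', 'Folder.Create', '')
$roleIds = @('System.Anonymous', 'System.View', 'System.Read',
             'Datastore.Browse', 'Host.Config.Storage')

# Against a live vCenter Server (after Connect-VIServer), use real data instead:
#   $fileIds = Get-Content .\CV_role_ids.txt
#   $roleIds = (Get-VIRole -Name $cvRole -Server $viserver).PrivilegeList

$result = Compare-RolePrivilege -Expected $fileIds -Actual $roleIds

if ($result.Missing.Count -or $result.Extra.Count) {
    "Missing from role: $($result.Missing -join ', ')"
    "On role but not in file (review): $($result.Extra -join ', ')"
} else {
    'Role matches CV_role_ids.txt'
}
```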