As a vCenter Server administrator, you can create a custom vCenter Server role in App Volumes and assign privileges to the role.

A service account is used by the App Volumes Manager to communicate with vCenter Server. The default administrator role can be used for this service account, but you can create a vCenter Server role with certain privileges, specifically for the App Volumes service account.

You can also use PowerCLI to create a custom role. See Create a Custom vCenter Server Role Using PowerCLI.


  1. Manually create a new vCenter Server role.
  2. Assign privileges to the role.
    Object Permission
    Cryptographic Operations
    • Direct Access
      Note: This permission is required only when the virtual machine’s storage has encryption policies.
    • Add disk
    • Allocate space
    • Browse datastore
    • Low-level file operations
    • Remove file
    • Update virtual machine files
    • Create folder
    • Delete folder
    Global Cancel task
    Host > Local operations
    • Create virtual machine
    • Delete virtual machine
    • Reconfigure virtual machine
    Resource Assign virtual machine to resource pool
    Sessions View and stop sessions
    Tasks Create task
    Virtual machine > Change Configuration
    • Add existing disk
    • Add new disk
    • Add or remove device
    • Advanced configuration
    • Change resource
    • Query unowned files
    • Remove disk
    • Change Settings
    Virtual machine > Edit Inventory
    • Create from existing
    • Create new
    • Move
    • Register
    • Remove
    • Unregister
    Virtual machine > Interaction
    • Power Off
    • Power On
    • Suspend
    Virtual machine > Provisioning
    • Clone template
    • Clone virtual machine
    • Create template from virtual machine
    • Customize guest
    • Deploy template
    • Mark as template
    • Mark as virtual machine
    • Modify customization specifications
    • Promote disks
    • Read customization specifications