From the vSphere Client menu, select Administration.

In the left pane, select Access control > Global permissions and click Add.

In the Add permission dialog box, enter your values for the VMware Aria Automation service account from the VMware Cloud Foundation Planning and Preparation Workbook, select the Propagate to children check box, and click OK.

Repeat the procedure for the VMware Aria Automation Orchestrator service account.

Repeat the procedure for each isolated VI workload domain vCenter Server.

Start Windows PowerShell

Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "[email protected]"
$sddcManagerPass =  "VMw@re1!"

$sddcDomainName = "sfo-m01"

$domainFqdn = "sfo.rainpole.io"
$domainBindUser = "svc-vsphere-ad"
$domainBindPass =  "VMw@re1!"

$assemblerServiceAccount = "svc-vra-vsphere"
$assemblerVsphereRoleName = "VMware Aria Automation to vSphere Integration"

$orchestratorServiceAccount = "svc-vro-vsphere"
$orchestratorVsphereRoleName = "VMware Aria Automation Orchestrator to vSphere Integration"

Perform the configuration by running the commands.

Add-vCenterGlobalPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUser -domainBindPass $domainBindPass -principal $assemblerServiceAccount -role $assemblerVsphereRoleName -propagate true -type user

Add-vCenterGlobalPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUser -domainBindPass $domainBindPass -principal $orchestratorServiceAccount -role $orchestratorVsphereRoleName -propagate true -type user

Repeat the procedure for each VMware Cloud Foundation instance.