Restrict access for the vRealize Automation and vRealize Orchestrator to vSphere integration service accounts to the management domain vCenter Server inventory.
UI Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as administrator@vsphere.local.
- From the Hosts and clusters inventory, select the management domain vCenter Server, and click the Permissions tab.
- Select the service account for vRealize Automation to vSphere integration and click the Change role icon.
- In the Change role dialog box, from the Role drop-down menu, select No Access, select the Propagate to children check box, and click OK.
- Repeat steps 3 and 4 for the service account for vRealize Orchestrator to vSphere integration.
- Repeat the procedure for the management domain vCenter Server in each VMware Cloud Foundation instance.
PowerShell Procedure
- Start Windows PowerShell.
- Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    $sddcDomainName = "sfo-m01"
    $domainAlias = "SFO"
    $vraServiceAccount = "svc-vra-vsphere"
    $vroServiceAccount = "svc-vro-vsphere"

- Perform the configuration for the service account for vRealize Automation to vSphere integration by running the command in the PowerShell console.

    Set-vCenterPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainAlias -workloadDomain $sddcDomainName -principal $vraServiceAccount -role "NoAccess"

- Perform the configuration for the service account for vRealize Orchestrator to vSphere integration by running the command in the PowerShell console.

    Set-vCenterPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $domainAlias -workloadDomain $sddcDomainName -principal $vroServiceAccount -role "NoAccess"

- Repeat the procedure for the management domain vCenter Server in each VMware Cloud Foundation instance.
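
To confirm the result of either procedure, the following added example (not part of the original procedure or of VMware's own tooling) uses VMware PowerCLI to read the permissions on the management domain vCenter Server root object and report whether each service account holds NoAccess with propagation. It assumes PowerCLI is installed; `$vcenterFqdn` is a placeholder, the account names are the sample values used above, and the other variable names are hypothetical.

```powershell
# Added example: requires VMware PowerCLI (Connect-VIServer, Get-Folder, Get-VIPermission).
# $vcenterFqdn is a placeholder; the account names are the sample values from the procedure.
$vcenterFqdn     = "<management_vcenter_server_fqdn>"
$serviceAccounts = @("svc-vra-vsphere", "svc-vro-vsphere")

# Prompt for credentials instead of storing a password in the script.
$credential = Get-Credential -Message "vCenter Server administrator"
$vi = Connect-VIServer -Server $vcenterFqdn -Credential $credential -ErrorAction Stop

try {
    # Permissions set on the vCenter Server object in the UI are held on the root folder.
    $rootFolder  = Get-Folder -NoRecursion -Server $vi
    $permissions = Get-VIPermission -Entity $rootFolder -Server $vi

    $report = foreach ($account in $serviceAccounts) {
        # Principals are returned as DOMAIN\name, so match on the account name.
        $found = @($permissions | Where-Object { $_.Principal -like "*\$account" })
        if ($found.Count -eq 0) {
            # No entry on the root object: the role change was not applied here.
            [pscustomobject]@{ Account = $account; Role = "<none>"; Propagate = $null; Compliant = $false }
            continue
        }
        foreach ($p in $found) {
            [pscustomobject]@{
                Account   = $account
                Role      = $p.Role
                Propagate = $p.Propagate
                Compliant = ($p.Role -eq "NoAccess" -and $p.Propagate)
            }
        }
    }

    $report | Format-Table -AutoSize
    if ($report | Where-Object { -not $_.Compliant }) {
        Write-Warning "At least one service account is not set to NoAccess with propagation."
    }
}
finally {
    Disconnect-VIServer -Server $vi -Confirm:$false
}
```

Run the check against the management domain vCenter Server in each VMware Cloud Foundation instance.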