Because VMware performs host administration and other tasks for you, a Cloud Administrator requires fewer privileges than an Administrator user on an on-premises data center.
The CloudAdmin role has a set of privileges that is dynamically generated for your SDDC. They include most of the available privileges in all categories. To view the privileges granted to the CloudAdmin role, log into the SDDC vSphere Client, click , select CloudAdmin from the list of roles, then click PRIVILEGES.
You can also use a PowerShell snippet like this one to retrieve the list of privileges for the CloudAdmin role in your SDDC.
$vmcUserName = "CloudAdmin"
$authMgr = Get-View $global:DefaultVIServer.ExtensionData.Content.AuthorizationManager
Write-Host "vCenter Version: $($global:DefaultVIServer.ExtensionData.Content.About.Version)"
Write-Host "Build: $($global:DefaultVIServer.ExtensionData.Content.About.Build)"
($authMgr.RoleList | where {$_.Name -eq $vmcUserName}).Privilege
The CloudAdmin role has the following privileges in SDDC Version 1.24.
vCenter Version: 8.0.2, Build: 23319993Alarm.Acknowledge Alarm.Create Alarm.Delete Alarm.DisableActions Alarm.Edit Alarm.SetStatus Authorization.ModifyPermissions Authorization.ModifyRoles CertificateManagement.Manage Cns.Searchable ComputePolicy.Manage ContentLibrary.AddCertToTrustStore ContentLibrary.AddLibraryItem ContentLibrary.CheckInTemplate ContentLibrary.CheckOutTemplate ContentLibrary.CreateLocalLibrary ContentLibrary.CreateSubscribedLibrary ContentLibrary.DeleteCertFromTrustStore ContentLibrary.DeleteLibraryItem ContentLibrary.DeleteLocalLibrary ContentLibrary.DeleteSubscribedLibrary ContentLibrary.DownloadSession ContentLibrary.EvictLibraryItem ContentLibrary.EvictSubscribedLibrary ContentLibrary.GetConfiguration ContentLibrary.ImportStorage ContentLibrary.ProbeSubscription ContentLibrary.ReadStorage ContentLibrary.SyncLibrary ContentLibrary.SyncLibraryItem ContentLibrary.TypeIntrospection ContentLibrary.UpdateConfiguration ContentLibrary.UpdateLibrary ContentLibrary.UpdateLibraryItem ContentLibrary.UpdateLocalLibrary ContentLibrary.UpdateSession ContentLibrary.UpdateSubscribedLibrary Cryptographer.Access Cryptographer.Clone Cryptographer.Decrypt Cryptographer.Encrypt Cryptographer.EncryptNew Cryptographer.Migrate Cryptographer.RegisterVM Datastore.AllocateSpace Datastore.Browse Datastore.Config Datastore.DeleteFile Datastore.FileManagement Datastore.UpdateVirtualMachineFiles Datastore.UpdateVirtualMachineMetadata Extension.Register Extension.Unregister Extension.Update Folder.Create Folder.Delete Folder.Move Folder.Rename Global.CancelTask Global.GlobalTag Global.Health Global.LogEvent Global.ManageCustomFields Global.ServiceManagers Global.SetCustomField Global.SystemTag HLM.Manage Host.Hbr.HbrManagement InventoryService.Tagging.AttachTag InventoryService.Tagging.CreateCategory InventoryService.Tagging.CreateTag InventoryService.Tagging.DeleteCategory InventoryService.Tagging.DeleteTag InventoryService.Tagging.EditCategory InventoryService.Tagging.EditTag InventoryService.Tagging.ModifyUsedByForCategory InventoryService.Tagging.ModifyUsedByForTag InventoryService.Tagging.ObjectAttachable Namespaces.Configure Namespaces.SelfServiceManage Network.Assign Resource.ApplyRecommendation Resource.AssignVAppToPool Resource.AssignVMToPool Resource.ColdMigrate Resource.CreatePool Resource.DeletePool Resource.EditPool Resource.HotMigrate Resource.MovePool Resource.QueryVMotion Resource.RenamePool ScheduledTask.Create ScheduledTask.Delete ScheduledTask.Edit ScheduledTask.Run Sessions.GlobalMessage Sessions.ValidateSession StorageProfile.Update StorageProfile.View StorageViews.View System.Anonymous System.Read System.View Trust.Manage VApp.ApplicationConfig VApp.AssignResourcePool VApp.AssignVApp VApp.AssignVM VApp.Clone VApp.Create VApp.Delete VApp.Export VApp.ExtractOvfEnvironment VApp.Import VApp.InstanceConfig VApp.ManagedByConfig VApp.Move VApp.PowerOff VApp.PowerOn VApp.Rename VApp.ResourceConfig VApp.Suspend VApp.Unregister VirtualMachine.Config.AddExistingDisk VirtualMachine.Config.AddNewDisk VirtualMachine.Config.AddRemoveDevice VirtualMachine.Config.AdvancedConfig VirtualMachine.Config.Annotation VirtualMachine.Config.CPUCount VirtualMachine.Config.ChangeTracking VirtualMachine.Config.DiskExtend VirtualMachine.Config.DiskLease VirtualMachine.Config.EditDevice VirtualMachine.Config.HostUSBDevice VirtualMachine.Config.ManagedBy VirtualMachine.Config.Memory VirtualMachine.Config.MksControl VirtualMachine.Config.QueryFTCompatibility VirtualMachine.Config.QueryUnownedFiles VirtualMachine.Config.RawDevice VirtualMachine.Config.ReloadFromPath VirtualMachine.Config.RemoveDisk VirtualMachine.Config.Rename VirtualMachine.Config.ResetGuestInfo VirtualMachine.Config.Resource VirtualMachine.Config.Settings VirtualMachine.Config.SwapPlacement VirtualMachine.Config.UpgradeVirtualHardware VirtualMachine.GuestOperations.Execute VirtualMachine.GuestOperations.Modify VirtualMachine.GuestOperations.ModifyAliases VirtualMachine.GuestOperations.Query VirtualMachine.GuestOperations.QueryAliases VirtualMachine.Hbr.ConfigureReplication VirtualMachine.Hbr.MonitorReplication VirtualMachine.Hbr.ReplicaManagement VirtualMachine.Interact.AnswerQuestion VirtualMachine.Interact.Backup VirtualMachine.Interact.ConsoleInteract VirtualMachine.Interact.CreateScreenshot VirtualMachine.Interact.DefragmentAllDisks VirtualMachine.Interact.DeviceConnection VirtualMachine.Interact.DnD VirtualMachine.Interact.GuestControl VirtualMachine.Interact.Pause VirtualMachine.Interact.PowerOff VirtualMachine.Interact.PowerOn VirtualMachine.Interact.PutUsbScanCodes VirtualMachine.Interact.Reset VirtualMachine.Interact.SESparseMaintenance VirtualMachine.Interact.SetCDMedia VirtualMachine.Interact.SetFloppyMedia VirtualMachine.Interact.Suspend VirtualMachine.Interact.ToolsInstall VirtualMachine.Inventory.Create VirtualMachine.Inventory.CreateFromExisting VirtualMachine.Inventory.Delete VirtualMachine.Inventory.Move VirtualMachine.Inventory.Register VirtualMachine.Inventory.Unregister VirtualMachine.Namespace.Event VirtualMachine.Namespace.EventNotify VirtualMachine.Namespace.Management VirtualMachine.Namespace.ModifyContent VirtualMachine.Namespace.Query VirtualMachine.Namespace.ReadContent VirtualMachine.Provisioning.Clone VirtualMachine.Provisioning.CloneTemplate VirtualMachine.Provisioning.CreateTemplateFromVM VirtualMachine.Provisioning.Customize VirtualMachine.Provisioning.DeployTemplate VirtualMachine.Provisioning.DiskRandomAccess VirtualMachine.Provisioning.DiskRandomRead VirtualMachine.Provisioning.FileRandomAccess VirtualMachine.Provisioning.GetVmFiles VirtualMachine.Provisioning.MarkAsTemplate VirtualMachine.Provisioning.MarkAsVM VirtualMachine.Provisioning.ModifyCustSpecs VirtualMachine.Provisioning.PromoteDisks VirtualMachine.Provisioning.PutVmFiles VirtualMachine.Provisioning.ReadCustSpecs VirtualMachine.State.CreateSnapshot VirtualMachine.State.RemoveSnapshot VirtualMachine.State.RenameSnapshot VirtualMachine.State.RevertToSnapshot VirtualMachineClasses.Manage Vsan.Cluster.ShallowRekey vService.CreateDependency vService.DestroyDependency vService.ReconfigureDependency vService.UpdateDependency vSphereDataProtection.Protection vSphereDataProtection.Recovery
For more information on the permissions granted by each privilege, see the vSphere Defined Privileges reference.
