To support View Composer or instant clones, the vCenter Server user must have privileges in addition to those required to support Horizon 7.

View Composer and Instant Clone Privileges lists the superset of privileges needed for View Manager, View Composer, and instant clones.

Table 1. View Composer and Instant Clone Privileges
Privilege Group on vCenter Server Privileges to Enable

Create folder

Delete folder


Allocate space

Browse datastore

Low level file operations


In Inventory

  • Modify Cluster
Virtual machine

In Configuration (all)

In Interaction:

  • Power Off
  • Power On
  • Reset
  • Suspend
  • Perform wipe or shrink operations
  • Device connection

In Inventory (all)

In Snapshot management (all)

In Provisioning:

  • Customize
  • Deploy template
  • Read customization specifications
  • Clone template
  • Clone Virtual Machine
  • Allow disk access
Resource Assign virtual machine to resource pool

The following privilege is required to perform View Composer rebalance operations.

Migrate powered off virtual machine

Enable methods

Disable methods

System tag

Manage custom attributes

Set custom attribute

The following privilege is required to implement View Storage Accelerator, which enables ESXi host caching. The vCenter Server user requires this privilege even if you do not use View Storage Accelerator.

Act as vCenter Server

Network (all)
Profile Driven Storage (all--If you are using vSAN datastores or Virtual Volumes)
Storage views


Cryptographic operations The following privileges are required if you use instant clones VMs with a Trusted Platform Module (vTPM) device.
  • Clone
  • Decrypt
  • Direct Access
  • Encrypt
  • Manage KMS
  • Migrate
  • Register Host