The vCenter Server user must have sufficient vCenter Server privileges to enable Horizon 7 to perform operations in vCenter Server. Create a View Manager role for the vCenter Server user with the required privileges.

Table 1. Privileges Required for the View Manager Role
Privilege Group Privileges to Enable
Folder Create Folder

Delete Folder

Datastore Allocate space
Virtual Machine
In Configuration:
  • Add or remove device
  • Advanced
  • Modify device settings

In Interaction:

  • Power Off
  • Power On
  • Reset
  • Suspend
  • Perform wipe or shrink operations

In Inventory:

  • Create new
  • Create from existing
  • Remove

In Provisioning:

  • Customize
  • Deploy template
  • Read customization specifications
  • Clone Template
  • Clone Virtual Machine
Resource Assign virtual machine to resource pool

Act as vCenter Server

The vCenter Server user requires this privilege even if you do not use View Storage Accelerator.


The following Host privilege is required to implement View Storage Accelerator, which enables ESXi host caching. If you do not use View Storage Accelerator, the vCenter Server user does not need this privilege.

In Configuration:
  • Advanced settings
Profile Driven Storage (If you are using vSAN datastores or Virtual Volumes) (all)
Cryptographic operations The following privileges are required if you use full clone VMs with a Trusted Platform Module (vTPM) device.
  • Clone
  • Decrypt
  • Direct Access
  • Encrypt
  • Manage KMS
  • Migrate
  • Register Host