To support instant clones, the vCenter Server user must have privileges in addition to those required to support VMware Horizon.

Table 1. Minimum vCenter Server Privileges Required for the Horizon Administrator Role with Instant Clones
Privilege Group on vCenter Server (unindented), with the Privileges to Enable listed beneath each group:

Folder
  • Create folder
  • Delete folder

Datastore
  • Allocate space
  • Browse datastore

Host
  In Inventory
    • Modify Cluster
  In Configuration
    • Advanced settings

Virtual machine
  In Configuration (all)
    • Add or remove device
    • Advanced
    • Modify device settings
    • Change CPU count
    • Change memory
    • Change settings
    • Change resource
    • Configure Host USB device
    • Configure raw device
    • Configure managedby
    • Display connection settings
    • Extend virtual disk
    • Query fault tolerance compatibility
    • Query unowned files
    • Reload from path
    • Remove disk
    • Rename
    • Reset guest information
    • Set annotation
    • Toggle disk change tracking
    • Toggle fork parent
    • Upgrade virtual machine compatibility
  In Interaction
    • Power Off
    • Power On
    • Reset
    • Suspend
    • Perform wipe or shrink operations
    • Device connection
  In Inventory (all)
    • Move
    • Register
    • Unregister
  In Snapshot management (all)
    • Create snapshot
    • Remove snapshot
    • Rename snapshot
    • Revert snapshot
  In Provisioning
    • Customize
    • Deploy template
    • Read customization specifications
    • Clone template
    • Clone Virtual Machine
    • Allow disk access

Resource
  • Assign virtual machine to resource pool
  • HotMigrate

Global
  • Enable methods
  • Disable methods
  • Manage custom attributes
  • Set custom attribute
  • Act as vCenter Server

Network
  • Assign

Profile Driven Storage
  • All (if you are using vSAN datastores or Virtual Volumes)

Storage views
  • Not required

Cryptographic operations
  The following privileges are required if you use instant-clone VMs with a Trusted Platform Module (vTPM) device.
  • Clone
  • Decrypt
  • Direct Access
  • Encrypt
  • Manage KMS
  • Migrate
  • Register Host