An administrator must have certain vCenter Server privileges to manage full clones and instant clones.

Horizon administrators need to create a custom role in vCenter Server and select the following privileges to manage full clones. The following table lists the minimum vCenter Server privileges to perform basic operations in vCenter Server.

Table 1. Full Clone Privileges
Task Privilege Group on vCenter Server for Full Clones
  • Create a folder
  • Delete a folder
 Folder
Allocate space Datastore
  • Configuration
    • Add or remove a device
    • Advanced
    • Modify device settings
  • Interaction
    • Power Off
    • Power On
    • Reset
    • Suspend
    • Perform wipe or shrink operations
  • Inventory
    • Create new
    • Create from existing
    • Remove
  • Provisioning
    • Customize
    • Deploy template
    • Read customization specifications
    • Clone template
    • Clone virtual machine
 Virtual Machine
Assign virtual machine to a resource pool Resource
Act as vCenter Server (required even if you do not use View Storage Accelerator) Global
(All – if you are using Virtual SAN datastores of Virtual Volumes) Profile Driven Storage
Implement View Storage Accelerator to enable ESXi host caching: Configure advanced settings. Host
Table 2. Instant Clone Privileges
Task Privilege Group on vCenter Server for Instant Clones
  • Create a folder
  • Delete a folder
 Folder
  • Allocate space
  • Browse datastore
 Datastore
  • Configuration
    • Add or remove a device
    • Advanced
    • Modify device settings
    • Change CPU count
    • Change memory
    • Change settings
    • Change resource
    • Configure Host USB device
    • Configure raw device
    • Configure mangedby
    • Display connection settings
    • Extend virtual disk
    • Query fault tolerance compatibility
    • Query unknown files
    • Reload from path
    • Remove disk
    • Rename
    • Reset guest information
    • Set annotation
    • Toggle disk change tracking
    • Toggle fork parent
    • Upgrade virtual machine compatibility
  • Interaction
    • Power Off
    • Power On
    • Reset
    • Suspend
    • Perform wipe or shrink operations
    • Connect Devices
  • Inventory
    • Create new
    • Create from existing
    • Remove
    • Move
    • Register
    • Unregister
  • Snapshot management
    • Create snapshot
    • Remove snapshot
    • Rename snapshot
    • Revert snapshot
  • Provisioning
    • Customize
    • Deploy template
    • Read customization specifications
    • Clone template
    • Clone virtual machine
    • Allow disk access
 Virtual Machine
  • Assign virtual machine to a resource pool
  • HotMigrate (required to perform View Composer rebalance operation)
 Resource
  • Act as vCenter Server
  • Enable methods
  • Disable methods
  • Manage custom attributes
  • Set custom attributes
 Global
  • Inventory: modify cluster
  • Implement View Storage Accelerator: Configure advanced settings
 Host
Assign Network
(All – if you are using Virtual SAN datastores of Virtual Volumes) Profile Driven Storage
Use vTPM with instant clones:
  • Clone
  • Decrypt
  • Direct access
  • Encrypt
  • Manage KMS
  • Migrate
  • Register Host
 Cryptographic operations