The vCenter Server user must have sufficient vCenter Server privileges to enable Horizon to perform operations in vCenter Server. Create a Horizon Administrator role for the vCenter Server user with the required privileges. These privileges are only applicable if you do not intend to use instant clones.

Table 1. Minimum vCenter Server Privileges Required for the Horizon Administrator Role Without Instant Clones
Privilege Group Privileges to Enable
Folder Create Folder

Delete Folder

Datastore Allocate space
Virtual Machine
In Configuration:
  • Add or remove device
  • Advanced
  • Modify device settings

In Interaction:

  • Power Off
  • Power On
  • Reset
  • Suspend
  • Perform wipe or shrink operations

In Inventory:

  • Create new
  • Create from existing
  • Remove

In Provisioning:

  • Customize
  • Deploy template
  • Read customization specifications
  • Clone Template
  • Clone Virtual Machine
Resource Assign virtual machine to resource pool
Global

Act as vCenter Server

Host
In Configuration:
  • Advanced settings
Profile Driven Storage (If you are using vSAN datastores or Virtual Volumes) (all)
Cryptographic operations The following privileges are required if you use full clone VMs with a Trusted Platform Module (vTPM) device.
  • Clone
  • Decrypt
  • Direct Access
  • Encrypt
  • Manage KMS
  • Migrate
  • Register Host