An administrator must have certain vCenter Server privileges to manage full clones and instant clones.

Horizon administrators need to create a custom role in vCenter Server and select the following privileges to manage full clones. The following table lists the minimum vCenter Server privileges to perform basic operations in vCenter Server.

Table 1. Full Clone Privileges
Privilege Group on vCenter Server for Full Clones Task
Datastore Allocate space
Folder
  • Create a folder
  • Delete a folder
Global Act as vCenter Server (required even if you do not use View Storage Accelerator)
Host Implement View Storage Accelerator to enable ESXi host caching: Configure advanced settings.
Profile Driven Storage (All – if you are using Virtual SAN datastores of Virtual Volumes)
Resource Assign virtual machine to a resource pool
Virtual Machine
  • Configuration
    • Add or remove a device
    • Advanced
    • Modify device settings
  • Interaction
    • Perform wipe or shrink operations
    • Power Off
    • Power On
    • Reset
    • Suspend
  • Inventory
    • Create from existing
    • Create new
    • Remove
  • Provisioning
    • Clone template
    • Clone virtual machine
    • Customize
    • Deploy template
    • Read customization specifications
Table 2. Instant Clone Privileges
Privilege Group on vCenter Server for Instant Clones Task
Cryptographic operations Use vTPM with instant clones:
  • Clone
  • Decrypt
  • Direct access
  • Encrypt
  • Manage KMS
  • Migrate
  • Register Host
Datastore
  • Allocate space
  • Browse datastore
Folder
  • Create a folder
  • Delete a folder
Global
  • Act as vCenter Server
  • Disable methods
  • Enable methods
  • Manage custom attributes
  • Set custom attributes
Host
  • Implement View Storage Accelerator: Configure advanced settings
  • Inventory: modify cluster
Network Assign
Profile Driven Storage (All – if you are using Virtual SAN datastores of Virtual Volumes)
Resource
  • Assign virtual machine to a resource pool
  • HotMigrate (required to perform View Composer rebalance operation)
Virtual Machine
  • Configuration
    • Add or remove a device
    • Advanced
    • Change CPU count
    • Change memory
    • Change resource
    • Change settings
    • Configure Host USB device
    • Configure mangedby
    • Configure raw device
    • Display connection settings
    • Extend virtual disk
    • Modify device settings
    • Query fault tolerance compatibility
    • Query unknown files
    • Reload from path
    • Remove disk
    • Rename
    • Reset guest information
    • Set annotation
    • Toggle disk change tracking
    • Toggle fork parent
    • Upgrade virtual machine compatibility
  • Interaction
    • Connect Devices
    • Perform wipe or shrink operations
    • Power Off
    • Power On
    • Reset
    • Suspend
  • Inventory
    • Create from existing
    • Create new
    • Move
    • Register
    • Remove
    • Unregister
  • Snapshot management
    • Create snapshot
    • Rename snapshot
    • Remove snapshot
    • Revert snapshot
  • Provisioning
    • Allow disk access
    • Clone template
    • Clone virtual machine
    • Customize
    • Deploy template
    • Read customization specifications