Apply the correct product account privileges required to allow Log Assist to collect support bundles.

Specific user account privileges are required by Log Assist to collect support bundles from supported products. Ensure that the user account used to add the product to the Skyline Collector has the required privileges to allow support bundle collection.

Important:

With the release of Skyline Collector 3.1, Log Assist support the collection of support bundles from SDDC Manager.

Important:

Log Assist does not support the collection of support bundles from VMware Aria Operations.

Note:

Log Assist supports the collection of support bundles from the following:

vSphere

  • vCenter Server

  • ESXi

NSX-V (NSX Data Center for vSphere)

  • NSX Manager

  • NSX Controller

  • NSX Edge

NSX-T (NSX-T Data Center)

  • NSX Manager

  • NSX Edge

  • NSX Edge Cluster

Horizon

  • Horizon Connection Server

VMware Aria Automation

  • VMware Aria Automation Instance

VMware Aria Operations for Logs

  • VMware Aria Operations for Logs Cluster

Support bundles needed to assist with troubleshooting vSAN are collected within the ESXi support bundle.

vCenter Server User Account Permissions

The following permissions are required for the account used to add the vCenter Server to the Skyline Collector. These permissions are sufficient for both collecting product usage data and transferring support bundles with Log Assist.

  • vCenter Server Read-Only role

  • Global.Diagnostics

  • Global.Health

  • Global.Licenses

  • Global.Settings

  • Host profile.View

  • Storage views.View

For detailed instructions on creating a user account with the given permissions, see Knowledge Base Article 59661.

Important:

If you have enabled ESXi Host Encryption or vSAN Encryption, the Cryptographic operations > Direct Access permission is required to transfer encrypted support bundles successfully. This permission is only necessary for this reason and is not needed unless you have enabled ESXi Host Encryption or vSAN Encryption. This permission does not apply to Virtual Machine Encryption.

NSX-V (NSX Data Center for vSphere) User Account Permissions

NSX-V (NSX Data Center for vSphere) User Account Permissions For NSX-V version 6.4.5 and below, the NSX Auditor role does not have sufficient privileges to generate and collect support bundles from NSX-V objects. To create and manage support bundles from NSX-V objects, a user account with the NSX Administrator role is required. Therefore, you have two options for adding NSX-V version 6.4.5 to a Skyline Collector.

For the collection of product usage data only:

  • NSX Auditor

Important:

If an account with the NSX Auditor role is used to add NSX-V, the following is displayed within Skyline Advisor:

  • On the Collector Details page, the Status of NSX-V is: Insufficient Privileges.

  • On the Initiate Log Transfer page, the Privileges check for NSX-V, and all NSX-V components fail.

If using an account with the NSX Auditor role, you cannot transfer support bundles to VMware GSS using Skyline Log Assist.

For the collection of both product usage data and transferring support bundles with Log Assist:

  • NSX Administrator

Important:

You must assign the required role/privileges to a user account. Assigning the required role/privileges to a group, and using a user account within that group to add NSX-V to the Skyline Collector will fail privileges check within Skyline Advisor.

For NSX-V version 6.4.6, and above:

The NSX Auditor role in NSX-V version 6.4.6 introduces support for transferring NSX Edge support bundles. This feature was not available in NSX-V versions prior to 6.4.6. As a result, a user account assigned the NSX Auditor role can now be used for both product usage data collection and the transfer of support bundles using Log Assist.

For the collection of both product usage data and transferring support bundles with Log Assist:

  • NSX Administrator

NSX-T (NSX-T Data Center) User Account Permissions

For NSX-T, the NSX Auditor role does not have sufficient permissions to generate and collect support bundles from NSX-T objects. To generate and collect support bundles from NSX-T objects, a user account with the NSX Administrator role is required. For NSX-T version 3.2 and above, you can use the NSX-T Support Bundle Collector role to generate and collect support bundles. Therefore, you have two options for adding NSX-T to a Skyline Collector.

For the collection of product usage data only:

  • NSX Auditor

Important:

If an account with the NSX Auditor role is used to add NSX-T, the following is displayed within Skyline Advisor:

  • On the Collector Details page, the Status of NSX-T is: Insufficient Privileges.

  • On the Initiate Log Transfer page, the privileges check for NSX-T fails.

If using an account with the NSX Auditor role, you cannot transfer support bundles to VMware GSS using Skyline Log Assist.

For the collection of both product usage data and transferring support bundles with Log Assist:

  • NSX Enterprise Administrator

  • NSX Auditor + NSX-T Support Bundle Collector

Note:

The combination of NSX Auditor + NSX-T Support Bundle Collector role is only available in NSX-T versions 3.2 and later.

Important:

You must assign the required permission to a user account. Assigning the required permission to a group, and using a user account within that group to add NSX-T to the Skyline Collector fails the privileges check within the Skyline Advisor.

Horizon 7 Connection Server User Account Permissions

The following role/privileges are required for the account used to add the Horizon Connection Server to the Skyline Collector. These roles/privileges are sufficient for collecting product usage data and transferring support bundles with Log Assist.

  • Administrator (read-only) Role

  • Collect Operation Logs

Important:

If you are using Skyline Collector version 2.3 or below, you must create a new role for Horizon View with the Collect Operations Logs privilege. The role must be named LogCollector.

For Skyline Collector version 2.4 and above, there is no requirement to name the role LogCollector.

VMware Aria Automation User Account Permissions

To get VMware Aria Automation logs, add VMware Aria Suite Lifecycle to the Skyline Collector. The following role is required for collecting product usage data and transferring support bundles with Log Assist:

  • vRealize Suite Lifecycle Manager Administrator

VMware Cloud Foundation User Account Permissions

Log Assist is supported for VMware Cloud Foundation version 4.3.1 or higher.

The following roles are required for the account used to add SDDC Manager to the Skyline Collector:

SDDC Manager VIEWER Role: This role is sufficient for collecting product usage data.

SDDC Manager ADMIN or OPERATOR Role: This role is sufficient for log assist.

Important:

You must assign the required role to the user account. Assigning the required role to a group, and using a user account within that group to add SDDC Manager to the Skyline Collector fails the privileges check within Skyline Advisor.

VMware Aria Operations for Logs User Account Permissions

The following role is recommended for the account to add the VMware Aria Operations for Logs to the Skyline Collector.

  • View Only Admin

This pre-defined role contains all the permissions required by Skyline.

Alternatively, the following are the minimum permissions required to add VMware Aria Operations for Logs to the Skyline Collector:

  • VIEW_CLUSTER: Management -> Cluster -> View

  • VIEW_LICENSE: Management - > License -> View

  • VIEW_VSPHERE_INTEGRATION: Integrations -> vSphere Integration -> View

  • EDIT_INTERACTIVE_ANALYSIS: Explore Logs -> Edit

Note:

Skyline Collector 3.3 only supports local user authentication for VMware Aria Operations for Logs.