Assign global permissions in the ROBO to the operations service account svc-loginsight so that vRealize Log Insight can collect log information from the vCenter Server instance and ESXi hosts. The svc-loginsight user account is dedicated to collecting log information from vCenter Server and ESXi. Global permissions provide a consistent mechanism to define permissions across the ROBO.

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://nyc01vc01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      | Setting | Value |
      | --- | --- |
      | User name | administrator@vsphere.local |
      | Password | vsphere_admin_password |

  2. From the Home menu, select Administration.
  3. Under Access Control, click Roles.
  4. Create a role for vRealize Log Insight.
    1. Select Read-only and click the Clone icon.

      You clone the Read-only role because it includes the System > Anonymous, System > View, and System > Read privileges. vRealize Log Insight requires those privileges for accessing log information related to the vCenter Server instances.

    2. In the Clone Role Read-only dialog box, complete the configuration of the role and click OK.

      | Setting | Description |
      | --- | --- |
      | Role name | Log Insight User |
      | Privilege | • Host > Configuration > Advanced settings<br>• Host > Configuration > Change settings<br>• Host > Configuration > Network configuration<br>• Host > Configuration > Security profile and firewall |

      The following privileges are inherited from the Read-only role.

      • System > Anonymous

      • System > View

      • System > Read

      These host privileges allow vRealize Log Insight to configure the syslog service on the ESXi hosts.

  5. Assign global permissions to the svc-loginsight@rainpole.local service account.
    1. In the vSphere Web Client, select Administration from the Home menu and click Global Permissions under Access Control.
    2. On the Manage tab, click Add Permission.

    3. In the Global Permissions Root - Add Permission dialog box, click Add to associate a user or a group with a role. 
    4. In the Select Users/Groups dialog box, from the Domain drop-down menu, select rainpole.local, in the filter box type svc, and press Enter. 
    5. From the list of users and groups, select the svc-loginsight user, click Add, and click OK.




    6. In the Add Permission dialog box, from the Assigned Role drop-down menu, select Log Insight User, select Propagate to children, and click OK.

      The global permissions of the svc-loginsight@rainpole.local user propagate to vSphere objects.
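
After the procedure is complete, the role and the global permission can be checked for drift from the least-privilege set listed above. The following is an added example, not part of the original procedure or of any VMware tooling: it audits an export of roles and global permissions against the privileges, role name, and service account named on this page. The export layout (the `roles` and `global_permissions` keys and their fields) is a hypothetical format assumed for illustration, and the sample data is constructed.

```python
# Privileges the page gives the "Log Insight User" role, as Web Client display paths.
EXPECTED_PRIVILEGES = {f"Host > Configuration > {p}" for p in (
    "Advanced settings", "Change settings", "Network configuration",
    "Security profile and firewall")} | {
    f"System > {p}" for p in ("Anonymous", "View", "Read")}
ROLE = "Log Insight User"
PRINCIPAL = "svc-loginsight@rainpole.local"


def audit(export):
    """Return sorted findings; an empty list means the export matches the procedure.

    `export` uses a hypothetical layout: {"roles": {name: [privileges]},
    "global_permissions": [{"principal", "role", "propagate"}]}.
    """
    findings = []
    role = export.get("roles", {}).get(ROLE)
    if role is None:
        findings.append(f"role missing: {ROLE}")
    else:
        actual = set(role)
        findings += [f"privilege missing: {p}" for p in EXPECTED_PRIVILEGES - actual]
        findings += [f"privilege excess: {p}" for p in actual - EXPECTED_PRIVILEGES]
    # Principal names are compared case-insensitively.
    grants = [g for g in export.get("global_permissions", [])
              if g["principal"].lower() == PRINCIPAL]
    if not any(g["role"] == ROLE for g in grants):
        findings.append(f"no global permission binds {PRINCIPAL} to {ROLE}")
    for g in grants:
        if g["role"] != ROLE:
            findings.append(f"unexpected global role for {PRINCIPAL}: {g['role']}")
        elif not g.get("propagate", False):
            findings.append("Propagate to children is not set")
    return sorted(findings)


# Constructed sample: one privilege beyond the page's list and one extra role grant.
SAMPLE = {
    "roles": {ROLE: sorted(EXPECTED_PRIVILEGES) + ["Host > Configuration > Maintenance"]},
    "global_permissions": [
        {"principal": PRINCIPAL, "role": ROLE, "propagate": True},
        {"principal": PRINCIPAL, "role": "Administrator", "propagate": True},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```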