Assign global permissions to the operations service accounts in order to access monitoring data from the Management vCenter Server and Compute vCenter Server with vRealize Operations Manager.

About this task

  • The svc-vrops-vsphere and svc-vrops-nsx users have read-only access on all objects in vCenter Server.

  • The svc-vrops-mpsd user has rights that are required for access to vCenter Server storage devices in vRealize Operations.

  • The svc-vrops-vsan user has rights that are required for access to vCenter Server storage devices in vRealize Operations.

In this procedure, you assign global permissions to these service accounts by assigning them the following roles.

User

Role

svc-vrops-vsphere@rainpole.local

Read-only

svc-vrops-nsx@rainpole.local

Read-only

svc-vrops-mpsd@rainpole.local

MPSD Metrics User

svc-vrops-vsan@rainpole.local

MPSD Metrics User

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. From the Home menu, select Administration.
  3. Click Global Permissions in the Access Control area.
  4. Click Add permission on the Manage tab.
  5. In the Global Permissions Root - Add Permission dialog box, click Add to associate a user or a group with a role.
  6. In the Select Users/Groups dialog box, select the first user
    1. From the Domain drop-down menu, select rainpole.local
    2. In the filter box type svc-vrops and press Enter.
    3. From the list of users and groups, select svc-vrops-vsphere, click Add, and click OK.
  7. Select a role.
    1. In the Global Permissions Root - Add Permission dialog box, from the Assigned Role drop-down menu, select Read-only.
    2. Ensure that Propogate to children is selected and click OK.
  8. Repeat the steps to assign global permissions to the other service accounts.

    User

    Role

    svc-vrops-vsphere@rainpole.local

    Read-only

    svc-vrops-nsx@rainpole.local

    Read-only

    svc-vrops-mpsd@rainpole.local

    MPSD Metrics User

    svc-vrops-vsan@rainpole.local

    MPSD Metrics User