Assign global permissions to the operations service accounts to access monitoring data from vCenter Server in vRealize Operations Manager.

  • The svc-vrops-vsphere user has the privileges to collect data from and perform actions on vCenter Server from vRealize Operations Manager.

  • The svc-vrops-nsx user has read-only access on all objects in vCenter Server.

  • The svc-vrops-mpsd and svc-vrops-vsan users have privileges for access to storage device and vSAN information, respectively, in vRealize Operations Manager on all objects in vCenter Server.

You assign global permissions that are based on the following roles to these service accounts:

Service Account

Role

svc-vrops-vsphere@rainpole.local

vSphere Actions User

svc-vrops-nsx@rainpole.local

Read-only

svc-vrops-mpsd@rainpole.local

MPSD Metrics User

svc-vrops-vsan@rainpole.local

MPSD Metrics User

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://nyc01r01vc01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. From the Home menu, select Administration.
  3. Click Global Permissions under Access Control.
  4. On the Manage tab, click Add permission.
  5. In the Global Permissions Root - Add Permission dialog box, click Add to associate the service account with the role that contains the privileges for accessing data from the inventory.
  6. Add the service account.
    1. In the Select Users/Groups dialog box, from the Domain drop-down menu, select rainpole.local, in the filter box input svc-vrops, and press Enter.
    2. From the list of users and groups, select svc-vrops-vsphere, click Add, and click OK.
  7. Associate the service account with the role.
    1. In the Global Permissions Root - Add Permission dialog box, from the Assigned Role drop-down menu, select vSphere Actions User.
    2. Verify that Propogate to children is selected and click OK.
  8. Repeat the steps to assign global permissions to the other service accounts.