After the vRealize Operations Manager upgrade, update the vRealize Operations to vSphere Integration (Actions) role with the additional privileges that are required for typical virtual machine life-cycle operations, such as snapshot management and virtual machine resource configuration.
Procedure
- In a Web browser, log in to the management domain vCenter Server by using the vSphere Client.
Setting Value URL https://sfo-m01-vc01.sfo.rainpole.io/ui User name administrator@vsphere.local Password vsphere_admin_password - Select Menu > Administration.
- In the left pane, select Access control > Roles.
- From the Roles provider drop-down menu, select vsphere.local.
- Update the role for collecting data from and performing actions on vCenter Server.
- Select the vRealize Operations to vSphere Integration (Actions) role, click the Edit role action icon, configure these privileges, and click Next.
Category
Privilege
Datastore
Allocate space
Browse Datastore
External stats providerRegister
Unregister
Update
GlobalGlobal tag
Health
Manage custom attributes
Set custom attribute
System tag
HostInventory.Modify Cluster
PerformanceModify intervals
Profile-Driven StorageProfile-driven storage view
Resource
Assign virtual machine to resource pool
Migrate powered off virtual machine
Migrate powered on virtual machine
Storage viewsView
Virtual machine
Change Configuration.Change CPU count
Change Configuration.Change memory
Change Configuration.Change resource
Edit Inventory.Remove
Guest Operations.Guest operation alias modificationGuest Operations.Guest operation alias queryGuest Operations.Guest operation modificationsGuest Operations.Guest operation program executionGuest Operations.Guest operation queriesInteraction.Power off
Interaction.Power on
Snapshot Management.Create snapshot
Snapshot Management.Remove snapshot
- Leave the vRealize Operations to vSphere Integration (Actions) role name and click Finish.
This role inherits the System.Anonymous, System.View, and System.Read privileges.
The management domain vCenter Server in Region A propagates the role to the other linked vCenter Server instances.
- Select the vRealize Operations to vSphere Integration (Actions) role, click the Edit role action icon, configure these privileges, and click Next.