Assign global permissions in vSphere for the service accounts used for the vRealize Automation and vRealize Orchestrator to vSphere integration.

You assign global permissions and restrict access to the management domain for the svc-vra-vsphere and svc-vro-vsphere service accounts.


  1. In a Web browser, log in to vCenter Server by using the vSphere Client.
    Setting Value
    URL https://sfo01m01vc01.sfo01.rainpole.local/ui
    User name administrator@vsphere.local
    Password vsphere_admin_password
  2. Select Menu > Administration.
  3. For each service account, assign global permissions.
    1. In the left pane, select Access control > Global permissions.
    2. Click the Add permission icon, configure these settings, and click OK.


      Value for svc-vra-vsphere

      Value for svc-vro-vsphere




      User / group




      vRealize Automation to vSphere Integration

      vRealize Orchestrator to vSphere Integration

      Propagate to children



  4. Restrict access of the vRealize Automation to vSphere Integration service account to the management domain in Region A.
    1. Select Menu > Global Inventory lists.
    2. In the Global inventory lists inventory, select Resources > vCenter Servers.
    3. In the left pane, select sfo01m01vc01.sfo01.rainpole.local and click the Permissions tab.
    4. Select the svc-vra-vsphere service account with the vRealize Automation to vSphere Integration role and click the Change role icon.
    5. In the Change role dialog box, from the Role drop-down menu, select No access, select Propagate to children, and click OK.
    6. Repeat this step for the svc-vro-vsphere service account.