Assign global permissions to the operations service accounts to access monitoring data from vCenter Server in vRealize Operations Manager.

  • The svc-vrops-vsphere user has the privileges to collect data from and perform actions on vCenter Server from vRealize Operations Manager.

  • The svc-vrops-nsx user has read-only access on all objects in vCenter Server.

  • The svc-vrops-mpsd and svc-vrops-vsan users have privileges for access to storage device and vSAN information, respectively, in vRealize Operations Manager on all objects in vCenter Server.

You assign global permissions that are based on the following roles to these service accounts:

Service Account

Role

svc-vrops-vsphere@rainpole.local

vRealize Operations to vSphere Integration (Actions)
svc-vrops-nsx@rainpole.local

Read-only

svc-vrops-mpsd@rainpole.local

vRealize Operations to vSphere Integration (Metrics)

svc-vrops-vsan@rainpole.local

vRealize Operations to vSphere Integration (Metrics)

Procedure

  1. In a Web browser, log in to vCenter Server by using the vSphere Client.
    Setting Value
    URL https://sfo01m01vc01.sfo01.rainpole.local/ui
    User name administrator@vsphere.local
    Password vsphere_admin_password
  2. Select Menu > Administration.
  3. In the left pane, select Access control > Global permissions.
  4. Click the Add permission icon, enter these values, and click OK.

    Setting

    Value

    Domain

    rainpole.local

    User / Group

    svc-vrops-vsphere

    Role

    vRealize Operations to vSphere Integration (Actions)

    Propagate to children

    Selected

  5. Repeat the steps to assign global permissions to the remaining service accounts.