To allow deploying and managing SDDC components on the Management domain vCenter Server inventory, you assign account permissions to the service account for communication from vRealize Suite Lifecycle Manager to vSphere.

1. In a Web browser, log in to vCenter Server by using the vSphere Client.

   Setting	Value
   URL	https://sfo01m01vc01.sfo01.rainpole.local/ui
   User name	[email protected]
   Password	vsphere_admin_password

2. Assign global permissions to the service account.
   1. Select Menu > Administration.
   2. In the left pane, select Access control > Global permissions.
   3. Click the Add permission icon, enter these values, and click OK.

      Setting	Value
      Domain	rainpole.local
      User/Group	svc-vrslcm-vsphere
      Role	vRealize Suite Lifecycle Manager to vSphere Integration
      Propagate to children	Selected

3. Restrict access to the workload domain in Region A for the svc-vrslcm-vsphere service account.
   1. In the Global inventory lists inventory, under Resources, click vCenter Servers.
   2. Select the Workload domain vCenter Server, sfo01w01vc01.sfo01.rainpole.local, and click the Permissions tab.
   3. In the User/Group column, click the RAINPOLE\svc-vrslcm-vsphere service account, and click the Change role icon.
   4. From the Role drop-down menu, select No access, leave the Propagate to children check-box selected, and click OK.
4. If there are other workload domains that are added to the SDDC, repeat Step 3 for each additional Workload domain vCenter Server.