To configure your vCenter Adapter instance in vRealize Operations Cloud, you need sufficient privileges to monitor and collect data and to perform vCenter Server actions. You can configure these permissions as a single role in vCenter Server to be used by a single service account or configure them as two independent roles for two separate service accounts.
| Task | Privilege |
|---|---|
| Property Collection |
System > Anonymous
Note: This privilege is added automatically when you create a user account. However, this privilege is not visible in
vSphere.
|
| Objects Discovery Events Collection |
Profile-Driven Storage > View Storage views > View Profile-Driven Storage > Profile-Driven Storage View Datastore > Browse Datastore
System > View
Note: This privilege is added automatically when you create a user account. However, this privilege is not visible in
vSphere.
|
| Performance Metrics Collection | Performance > Modify intervals
System > Read
Note: This privilege is added automatically when you create a user account. However, this privilege is not visible in
vSphere.
|
| Service Discovery | Virtual Machine > Guest Operations > Guest Operation alias modification Virtual Machine > Guest Operations > Guest Operation alias query Virtual Machine > Guest Operations > Guest Operation modifications Virtual Machine > Guest Operations > Guest Operation program execution Virtual Machine > Guest Operations > Guest Operation queries |
| Tag Collection | Global > Global tag Global > Global health
Global > Manage custom attributes
Note: This privilege is required only if the tags are associated with custom attributes.
Global > System tag Global > Set custom attribute |
| Monitor the Namespace Resource Pool or objects in the Resource Pool. | The account for the adapter instance also needs to be a member of Administrators@vsphere.local on the vCenter Server. |
| Task | Privilege |
|---|---|
| Set CPU Count for VM | Virtual Machine > Configuration > Change CPU Count |
| Set CPU Resources for VM | Virtual Machine > Configuration > Change Resource |
| Set Memory for VM | Virtual Machine > Configuration > Change Memory |
| Set Memory Resources for VM | Virtual Machine > Configuration > Change Resource |
| Delete Idle VM | Virtual machine > Edit Inventory > Remove |
| Delete Powered Off VM | Virtual machine > Edit Inventory > Remove |
| Create Snapshot for VM | Virtual Machine > Snapshot Management > Create Snapshot |
| Delete Unused Snapshots for Datastore | Virtual Machine > Snapshot Management > Remove Snapshot |
| Delete Unused Snapshot for VM | Virtual Machine > Snapshot Management > Remove Snapshot |
| Power Off VM | Virtual Machine > Interaction > Power Off |
| Power On VM | Virtual Machine > Interaction > Power On |
| Shut Down Guest OS for VM | Virtual Machine > Interaction > Power Off |
| Move VM |
Note: Combining these four permissions allows the service account to perform Storage vMotion and regular vMotion of an object therefore allowing
vRealize Operations Cloud to perform the given operations.
|
| Optimize Container |
|
| Schedule Optimize Container |
|
| Set DRS Automation | Host > Inventory > Modify Cluster |
| Provide data to vSphere Predictive DRS | External stats provider > Update External stats provider > Register External stats provider > Unregister |
For more information about tasks and privileges, see Required Privileges for Common Tasks in the vSphere Virtual Machine Administration Guide and Defined Privileges in the vSphere Security Guide.
