Datastore privileges control the ability to browse, manage, and allocate space on datastores.

The table describes the privileges required to work with datastores.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Table 1. Datastore Privileges

Privilege Name


Required On

Datastore > Allocate space

Allows allocating space on a datastore for a virtual machine, snapshot, clone, or virtual disk.


Datastore > Browse datastore

Allows browsing files on a datastore.


Datastore > Configure datastore

Allows configuration of a datastore.


Datastore > Low level file operations

Allows performing read, write, delete, and rename operations in the datastore browser.


Datastore > Move datastore

Allows moving a datastore between folders.

Privileges must be present at both the source and destination.

Datastore, source and destination

Datastore > Remove datastore

Allows removal of a datastore.

This privilege is deprecated.

To have permission to perform this operation, you must have this privilege assigned to both the object and its parent object.


Datastore > Remove file

Allows deletion of files in the datastore.

This privilege is deprecated. Assign the Low level file operations privilege.


Datastore > Rename datastore

Allows renaming a datastore.


Datastore > Update virtual machine files

Allows updating file paths to virtual machine files on a datastore after the datastore has been resignatured.