Required Privileges for Common Tasks

Many tasks require permissions on more than one object in the inventory. You can review the privileges required to perform the tasks and, where applicable, the appropriate sample roles.

The following table lists common tasks that require more than one privilege. You can use the Applicable Roles on the inventory objects to grant permission to perform these tasks, or you can create your own roles with the equivalent required privileges.

Table 1. Required Privileges for Common Tasks
Task	Required Privileges	Applicable Role
Create a virtual machine	On the destination folder or datacenter: Virtual machine.Inventory.Create new Virtual machine.Configuration.Add new disk (if creating a new virtual disk) Virtual machine.Configuration.Add existing disk (if using an existing virtual disk) Virtual machine.Configuration.Raw device (if using an RDM or SCSI pass-through device)	Administrator
	On the destination host, cluster, or resource pool: Resource.Assign virtual machine to resource pool	Resource pool administrator or Administrator
	On the destination datastore or folder containing a datastore: Datastore.Allocate space	Datastore Consumer or Administrator
	On the network that the virtual machine will be assigned to: Network.Assign network	Network Consumer or Administrator
Power on a virtual machine	On the data center in which the virtual machine is deployed: Virtual machine.Interaction.Power On	Virtual Machine Power User or Administrator
Power on a virtual machine	On the virtual machine or folder of virtual machines: Virtual machine.Interaction.Power On	Virtual Machine Power User or Administrator
Deploy a virtual machine from a template	On the destination folder or datacenter: Virtual machine .Inventory.Create from existing Virtual machine.Configuration.Add new disk	Administrator
	On a template or folder of templates: Virtual machine.Provisioning.Deploy template	Administrator
	On the destination host, cluster or resource pool: Resource.Assign virtual machine to resource pool	Administrator
	On the destination datastore or folder of datastores: Datastore.Allocate space	Datastore Consumer or Administrator
	On the network that the virtual machine will be assigned to: Network.Assign network	Network Consumer or Administrator
Take a virtual machine snapshot	On the virtual machine or a folder of virtual machines: Virtual machine.Snapshot management. Create snapshot	Virtual Machine Power User or Administrator
Move a virtual machine into a resource pool	On the virtual machine or folder of virtual machines: Resource.Assign virtual machine to resource pool Virtual machine.Inventory.Move	Administrator
Move a virtual machine into a resource pool	On the destination resource pool: Resource.Assign virtual machine to resource pool	Administrator
Install a guest operating system on a virtual machine	On the virtual machine or folder of virtual machines: Virtual machine.Interaction.Answer question Virtual machine.Interaction.Console interaction Virtual machine.Interaction.Device connection Virtual machine.Interaction.Power Off Virtual machine.Interaction.Power On Virtual machine.Interaction.Reset Virtual machine.Interaction.Configure CD media (if installing from a CD) Virtual machine.Interaction.Configure floppy media (if installing from a floppy disk) Virtual machine.Interaction.VMware Tools install	Virtual Machine Power User or Administrator
Install a guest operating system on a virtual machine	On a datastore containing the installation media ISO image: Datastore.Browse datastore (if installing from an ISO image on a datastore) On the datastore to which you upload the installation media ISO image: Datastore.Browse datastore Datastore.Low level file operations	Virtual Machine Power User or Administrator
Migrate a virtual machine with vMotion	On the virtual machine or folder of virtual machines: Resource.Migrate powered on virtual machine Resource.Assign Virtual Machine to Resource Pool (if destination is a different resource pool from the source)	Resource Pool Administrator or Administrator
Migrate a virtual machine with vMotion	On the destination host, cluster, or resource pool (if different from the source): Resource.Assign virtual machine to resource pool	Resource Pool Administrator or Administrator
Cold migrate (relocate) a virtual machine	On the virtual machine or folder of virtual machines: Resource.Migrate powered off virtual machine Resource.Assign virtual machine to resource pool (if destination is a different resource pool from the source)	Resource Pool Administrator or Administrator
	On the destination host, cluster, or resource pool (if different from the source): Resource.Assign virtual machine to resource pool	Resource Pool Administrator or Administrator
	On the destination datastore (if different from the source): Datastore.Allocate space	Datastore Consumer or Administrator
Migrate a virtual machine with Storage vMotion	On the virtual machine or folder of virtual machines: Resource.Migrate powered on virtual machine	Resource Pool Administrator or Administrator
Migrate a virtual machine with Storage vMotion	On the destination datastore: Datastore.Allocate space	Datastore Consumer or Administrator
Move a host into a cluster	On the host: Host.Inventory.Add host to cluster	Administrator
Move a host into a cluster	On the destination cluster: Host.Inventory.Add host to cluster	Administrator