Many tasks require permissions on multiple objects in the inventory. If the user who attempts to perform the task only has privileges on one object, the task cannot complete successfully.

The following table lists common tasks that require more than one privilege. You can add permissions to inventory objects by pairing a user with one of the predefined roles or with multiple privileges. If you expect that you assign a set of privileges multiple times, create custom roles.

If the task that you want to perform is not in this table, the following rules explain where you must assign permissions to allow particular operations:

  • Any operation that consumes storage space requires the Datastore > Allocate Space privilege on the target datastore, and the privilege to perform the operation itself. You must have these privileges, for example, when creating a virtual disk or taking a snapshot.

  • Moving an object in the inventory hierarchy requires appropriate privileges on the object itself, the source parent object (such as a folder or cluster), and the destination parent object.

  • Each host and cluster has its own implicit resource pool that contains all the resources of that host or cluster. Deploying a virtual machine directly to a host or cluster requires the Resource > Assign Virtual Machine to Resource Pool privilege.

Table 1. Required Privileges for Common Tasks

Task

Required Privileges

Applicable Role

Create a virtual machine

On the destination folder or data center:

  • Virtual machine > Inventory > Create new

  • Virtual machine > Configuration > Add new disk (if creating a new virtual disk)

  • Virtual machine > Configuration > Add existing disk (if using an existing virtual disk)

  • Virtual machine > Configuration > Raw device (if using an RDM or SCSI pass-through device)

Administrator

On the destination host, cluster, or resource pool:

Resource > Assign virtual machine to resource pool

Resource pool administrator or Administrator

On the destination datastore or the folder that contains the datastore:

Datastore > Allocate space

Datastore Consumer or Administrator

On the network that the virtual machine will be assigned to:

Network > Assign network

Network Consumer or Administrator

Power on a virtual machine

On the data center in which the virtual machine is deployed:

Virtual machine > Interaction > Power On

Virtual Machine Power User or Administrator

On the virtual machine or folder of virtual machines:

Virtual machine > Interaction > Power On

Deploy a virtual machine from a template

On the destination folder or data center:

  • Virtual machine > Inventory > Create from existing

  • Virtual machine > Configuration > Add new disk

Administrator

On a template or folder of templates:

Virtual machine > Provisioning > Deploy template

Administrator

On the destination host, cluster or resource pool:

Resource > Assign virtual machine to resource pool

Administrator

On the destination datastore or folder of datastores:

Datastore > Allocate space

Datastore Consumer or Administrator

On the network that the virtual machine will be assigned to:

Network > Assign network

Network Consumer or Administrator

Take a virtual machine snapshot

On the virtual machine or a folder of virtual machines:

Virtual machine > Snapshot management > Create snapshot

Virtual Machine Power User or Administrator

Move a virtual machine into a resource pool

On the virtual machine or folder of virtual machines:

  • Resource > Assign virtual machine to resource pool

  • Virtual machine > Inventory > Move

Administrator

On the destination resource pool:

Resource > Assign virtual machine to resource pool

Administrator

Install a guest operating system on a virtual machine

On the virtual machine or folder of virtual machines:

  • Virtual machine > Interaction > Answer question

  • Virtual machine > Interaction > Console interaction

  • Virtual machine > Interaction > Device connection

  • Virtual machine > Interaction > Power Off

  • Virtual machine > Interaction > Power On

  • Virtual machine > Interaction > Reset

  • Virtual machine > Interaction > Configure CD media (if installing from a CD)

  • Virtual machine > Interaction > Configure floppy media (if installing from a floppy disk)

  • Virtual machine > Interaction > VMware Tools install

Virtual Machine Power User or Administrator

On a datastore that contains the installation media ISO image:

Datastore > Browse datastore (if installing from an ISO image on a datastore)

On the datastore to which you upload the installation media ISO image:

  • Datastore > Browse datastore

  • Datastore > Low level file operations

Virtual Machine Power User or Administrator

Migrate a virtual machine with vMotion

On the virtual machine or folder of virtual machines:

  • Resource > Migrate powered on virtual machine

  • Resource > Assign Virtual Machine to Resource Pool (if destination is a different resource pool from the source)

Resource Pool Administrator or Administrator

On the destination host, cluster, or resource pool (if different from the source):

Resource > Assign virtual machine to resource pool

Resource Pool Administrator or Administrator

Cold migrate (relocate) a virtual machine

On the virtual machine or folder of virtual machines:

  • Resource > Migrate powered off virtual machine

  • Resource > Assign virtual machine to resource pool (if destination is a different resource pool from the source)

Resource Pool Administrator or Administrator

On the destination host, cluster, or resource pool (if different from the source):

Resource > Assign virtual machine to resource pool

Resource Pool Administrator or Administrator

On the destination datastore (if different from the source):

Datastore > Allocate space

Datastore Consumer or Administrator

Migrate a virtual machine with Storage vMotion

On the virtual machine or folder of virtual machines:

Resource > Migrate powered on virtual machine

Resource Pool Administrator or Administrator

On the destination datastore:

Datastore > Allocate space

Datastore Consumer or Administrator

Move a host into a cluster

On the host:

Host > Inventory > Add host to cluster

Administrator

On the destination cluster:

Host > Inventory > Add host to cluster

Administrator