Content Libraries provide simple and effective management for virtual machine templates and vApps. Content library privileges control who can view or manage different aspects of content libraries.
You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.
Note: Inheritance of permissions for content libraries works in the context of a single
vCenter Server instance. However, content libraries are not direct children of a
vCenter Server system from an inventory perspective. The direct parent for content libraries is the global root. This means that if you set a permission at a
vCenter Server level and propagate it to the children objects, the permission applies to data centers, folders, clusters, hosts, virtual machines, and so on, but does not apply to the content libraries that you see and operate with in this
vCenter Server instance. To assign a permission on a content library, an Administrator must grant the permission to the user as a global permission. Global permissions support assigning privileges across solutions from a global root object.
| Privilege Name | Description | Required On |
|---|---|---|
| Allows addition of items in a library. | Library | |
| Allows addition of root certificates to the Trusted Root Certificates Store. | vCenter Server | |
| Allows checking in of templates. | Library | |
| Allows checking out of templates. | Library | |
| Allows creation of a library subscription. | Library | |
| Allows creation of local libraries on the specified vCenter Server system. | vCenter Server | |
| Allows creation or deletion of the VMware Tanzu Harbor Registry service. | vCenter Server for creation. Registry for deletion. | |
| Allows creation of subscribed libraries. | vCenter Server | |
| Allows creation, deletion, or purging of VMware Tanzu Harbor Registry projects. | Registry | |
| Allows deletion of library items. | Library. Set this permission to propagate to all library items. |
|
| Allows deletion of a local library. | Library | |
| Allows deletion of root certificates from the Trusted Root Certificates Store. | vCenter Server | |
| Allows deletion of a subscribed library. | Library | |
| Allows deletion of a subscription to a library. | Library | |
| Allows download of files from the content library. | Library | |
| Allows eviction of items. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library item by evicting it if you have this privilege. | Library. Set this permission to propagate to all library items. |
|
| Allows eviction of a subscribed library. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library by evicting it if you have this privilege. | Library | |
Allows a user to import a library item if the source file URL starts with ds:// or file://. This privilege is disabled for content library administrator by default. Because an import from a storage URL implies import of content, enable this privilege only if necessary and if no security concern exists for the user who performs the import. |
Library | |
| Allows management of VMware Tanzu Harbor Registry resources. | Compute cluster | |
| This privilege allows solution users and APIs to probe a remote library's subscription info including URL, SSL certificate, and password. The resulting structure describes whether the subscription configuration is successful or whether there are problems such as SSL errors. | Library | |
| Allows publication of library items to subscribers. | Library. Set this permission to propagate to all library items. |
|
| Allows publication of libraries to subscribers. | Library | |
| Allows reading of content library storage. | Library | |
| Allows synchronization of library items. | Library. Set this permission to propagate to all library items. |
|
| Allows synchronization of subscribed libraries. | Library | |
| Allows a solution user or API to introspect the type support plug-ins for the content library service. | Library | |
| Allows you to update the configuration settings. No vSphere Client user interface elements are associated with this privilege. |
Library | |
| Allows you to upload content into the content library. Also allows you to remove files from a library item. | Library | |
| Allows updates to the content library. | Library | |
| Allows updates to library items. | Library. Set this permission to propagate to all library items. |
|
| Allows updates of local libraries. | Library | |
| Allows you to update the properties of a subscribed library. | Library | |
| Allows updates of subscription parameters. Users can update parameters such as the subscribed library's vCenter Server instance specification and placement of its virtual machine template items. | Library | |
| Allows you to view the configuration settings. No vSphere Client user interface elements are associated with this privilege. |
Library |
