Content Libraries provide simple and effective management for virtual machine templates and vApps. Content library privileges control who can view or manage different aspects of content libraries.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Note: Inheritance of permissions for content libraries works in the context of a single vCenter Server instance. However, content libraries are not direct children of a vCenter Server system from an inventory perspective. The direct parent for content libraries is the global root. This means that if you set a permission at a vCenter Server level and propagate it to the children objects, the permission applies to data centers, folders, clusters, hosts, virtual machines, and so on, but does not apply to the content libraries that you see and operate with in this vCenter Server instance. To assign a permission on a content library, an Administrator must grant the permission to the user as a global permission. Global permissions support assigning privileges across solutions from a global root object.
Table 1. Content Library Privileges
Privilege Name Description Required On
Content library.Add library item Allows addition of items in a library. Library
Content library.Add root certificate to trust store Allows addition of root certificates to the Trusted Root Certificates Store. vCenter Server
Content library.Check in a template Allows checking in of templates. Library
Content library.Check out a template Allows checking out of templates. Library
Content library.Create a subscription for a published library Allows creation of a library subscription. Library
Content library.Create local library Allows creation of local libraries on the specified vCenter Server system. vCenter Server
Content library.Create or delete a Harbor registry Allows creation or deletion of the VMware Tanzu Harbor Registry service. vCenter Server for creation. Registry for deletion.
Content library.Create subscribed library Allows creation of subscribed libraries. vCenter Server
Content library.Create, delete or purge a Harbor registry project Allows creation, deletion, or purging of VMware Tanzu Harbor Registry projects. Registry
Content library.Delete library item Allows deletion of library items.

Library. Set this permission to propagate to all library items.

Content library.Delete local library Allows deletion of a local library. Library
Content library.Delete root certificate from trust store Allows deletion of root certificates from the Trusted Root Certificates Store. vCenter Server
Content library.Delete subscribed library Allows deletion of a subscribed library. Library
Content library.Delete subscription of a published library Allows deletion of a subscription to a library. Library
Content library.Download files Allows download of files from the content library. Library
Content library.Evict library item Allows eviction of items. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library item by evicting it if you have this privilege.

Library. Set this permission to propagate to all library items.

Content library.Evict subscribed library Allows eviction of a subscribed library. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library by evicting it if you have this privilege. Library
Content library.Import Storage Allows a user to import a library item if the source file URL starts with ds:// or file://. This privilege is disabled for content library administrator by default. Because an import from a storage URL implies import of content, enable this privilege only if necessary and if no security concern exists for the user who performs the import. Library
Content library.Manage Harbor registry resources on specified compute resource Allows management of VMware Tanzu Harbor Registry resources. Compute cluster
Content library.Probe subscription information This privilege allows solution users and APIs to probe a remote library's subscription info including URL, SSL certificate, and password. The resulting structure describes whether the subscription configuration is successful or whether there are problems such as SSL errors. Library
Content library.Publish a library item to its subscribers Allows publication of library items to subscribers.

Library. Set this permission to propagate to all library items.

Content library.Publish a library to its subscribers Allows publication of libraries to subscribers. Library
Content library.Read storage Allows reading of content library storage. Library
Content library.Sync library item Allows synchronization of library items.

Library. Set this permission to propagate to all library items.

Content library.Sync subscribed library Allows synchronization of subscribed libraries. Library
Content library.Type introspection Allows a solution user or API to introspect the type support plug-ins for the content library service. Library
Content library.Update configuration settings Allows you to update the configuration settings.

No vSphere Client user interface elements are associated with this privilege.

Library
Content library.Update files Allows you to upload content into the content library. Also allows you to remove files from a library item. Library
Content library.Update library Allows updates to the content library. Library
Content library.Update library item Allows updates to library items.

Library. Set this permission to propagate to all library items.

Content library.Update local library Allows updates of local libraries. Library
Content library.Update subscribed library Allows you to update the properties of a subscribed library. Library
Content library.Update subscription of a published library Allows updates of subscription parameters. Users can update parameters such as the subscribed library's vCenter Server instance specification and placement of its virtual machine template items. Library
Content library.View configuration settings Allows you to view the configuration settings.

No vSphere Client user interface elements are associated with this privilege.

Library