The following tables list the default privileges that, when selected for a role, can be paired with a user and assigned to an object.
vCenter Server allows fine-grained control over authorization with permissions and roles. When you assign a permission to an object in the vCenter Server object hierarchy, you specify which user or group has which privileges on that object. To specify the privileges, you use roles, which are sets of privileges. For more information, see:
When setting permissions, verify all the object types are set with appropriate privileges for each particular action. Some operations require access permission at the root folder or parent folder in addition to access to the object being manipulated. Some operations require access or performance permission at a parent folder and a related object.
vCenter Server extensions might define additional privileges not listed here. Refer to the documentation for the extension for more information on those privileges.