vSphere with Tanzu provides a sample role, Workload Storage Manager, that includes a set of privileges for storage operations. You can clone this role to create a similar role.

| Privilege Name | Description | Required On |
|---|---|---|
| Cns.Searchable | Allows storage administrator to see the Cloud Native Storage UI. | Root vCenter Server |
| Datastore.Allocate space | Allows allocating space on a datastore for a virtual machine, snapshot, clone, or virtual disk. | Shared datastore where persistent volumes reside |
| Datastore.Low level file operations | Allows performing read, write, delete, and rename operations in the datastore browser. | Shared datastore where persistent volumes reside |
| ESX Agent Manager.Modify | Allows modifications to an agent virtual machine such as powering off or deleting the virtual machine. | vSphere Pod |
| Resource.Assign virtual machine to resource pool | Allows assignment of a virtual machine to a resource pool. | Resource pools |
| Profile-driven storage.Profile-driven storage view | Allows viewing of defined storage policies. | Root vCenter Server |
| Virtual machine.Change Configuration.Add existing disk<br>Virtual machine.Change Configuration.Add new disk<br>Virtual machine.Change Configuration.Add or remove device<br>Virtual machine.Change Configuration.Change Settings<br>Virtual machine.Change Configuration.Remove disk<br>Virtual machine.Edit Inventory.Create new<br>Virtual machine.Edit Inventory.Remove | Allows creation and deletion of virtual machines. Allows configuration of virtual machine options and devices. | vSphere Pod |