To configure vSphere Lifecycle Manager settings and to use successfully vSphere Lifecycle Manager baselines and images, you must have the proper privileges. Similarly, you need the proper privileges to use vSphere Configuration Profiles.

You can assign vSphere Lifecycle Manager and vSphere Configuration Profiles privileges to different roles in the vSphere Client.

vSphere Lifecycle Manager Privileges For Using Images

When you use vSphere Lifecycle Manager images, you need a different set of privileges for each task.

Table 1. VMware vSphere vSphere Lifecycle Manager Privileges For Using Images
Task Privilege in the vSphere Client Privilege in the API
Set Up Image
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Write
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Write
  • VcIntegrity.lifecycleSettings.Read
Import Image
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Write
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VMware vSphere Lifecycle Manager .Upload File.Upload upgrade images and offline bundles
  • VcIntegrity.lifecycleSoftwareSpecification.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Write
  • VcIntegrity.lifecycleSettings.Read
  • VcIntegrity.FileUpload.com.vmware.vcIntegrity.ImportFile
Export Image VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read VcIntegrity.lifecycleSoftwareSpecification.Read
Edit Image
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Write
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Write
  • VcIntegrity.lifecycleSettings.Read
Work with Recommendations
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Write
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Write
  • VcIntegrity.lifecycleSettings.Read
Work with Depot
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Write
  • VcIntegrity.lifecycleSoftwareSpecification.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Write
Manage Depot Overrides
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Write
  • VcIntegrity.lifecycleSoftwareSpecification.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Write
Check Compliance VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read VcIntegrity.lifecycleSoftwareSpecification.Read
Run Remediation Pre-Check
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: General Privileges.Read
  • VMware vSphere Lifecycle Manager.ESXi Health Perspectives.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Remediation Privileges.Read
  • VcIntegrity.lifecycleGeneral.Read
  • VcIntegrity.lifecycleHealth.Read
  • VcIntegrity.lifecycleSoftwareRemediation.Read
Remediate Against an Image
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: General Privileges.Read
  • VMware vSphere Lifecycle Manager.ESXi Health Perspectives.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Remediation Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Remediation Privileges.Write
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VcIntegrity.lifecycleGeneral.Read
  • VcIntegrity.lifecycleHealth.Read
  • VcIntegrity.lifecycleSoftwareRemediation.Read
  • VcIntegrity.lifecycleSoftwareRemediation.Write
  • VcIntegrity.lifecycleSettings.Read
Edit Remediation Settings
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Write
  • VcIntegrity.lifecycleSettings.Read
  • VcIntegrity.lifecycleSettings.Write
Update Firmware
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Write
  • VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Read
  • VcIntegrity.lifecycleSoftwareSpecification.Write
  • VcIntegrity.lifecycleSettings.Write
View Hardware Compatibility VMware vSphere Lifecycle Manager.Lifecycle Manager: Hardware Compatibility Privileges.Access Hardware Compatibility VcIntegrity.HardwareCompatibility.Read
Stage an Image VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Remediation Privileges.Write VcIntegrity.lifecycleSoftwareRemediation.Write

For more information about managing users, groups, roles, and permissions, see the vSphere Security documentation.

vSphere Lifecycle Manager Privileges For Using Baselines

Each of the vSphere Lifecycle Manager privileges that you need to use baselines and baseline groups covers a distinct functionality.

Table 2. VMware vSphere Lifecycle Manager Privileges For Using Baselines
Task Privilege in the vSphere Client Privilege in the API Description
Configure Configure.Configure Service VcIntegrity.General.com.vmware.vcIntegrity.Configure Configure the vSphere Lifecycle Manager service and the scheduled patch download task.
Manage Baseline Manage Baselines.Attach Baseline VcIntegrity.Baseline.com.vmware.vcIntegrity.AssignBaselines Attach baselines and baseline groups to objects in the vSphere inventory.
Manage Baselines.Manage Baselines VcIntegrity.Baseline.com.vmware.vcIntegrity.ManageBaselines Create, edit, or delete baselines and baseline groups.
Manage Patches and Upgrades Manage Patches and Upgrades.Remediate to Apply Patches, Extensions, and Upgrades VcIntegrity.Updates.com.vmware.vcIntegrity.Remediate Remediate virtual machines and hosts to apply patches, extensions, or upgrades. In addition, this privilege allows you to view the compliance status of objects.
Manage Patches and Upgrades .Scan for Applicable Patches, Extensions, and Upgrades VcIntegrity.Updates.com.vmware.vcIntegrity.Scan Scan virtual machines and hosts to search for applicable patches, extensions, or upgrades.
Manage Patches and Upgrades .Stage Patches and Extensions VcIntegrity.Updates.com.vmware.vcIntegrity.Stage Stage patches or extensions to hosts. In addition, this privilege allows you to view the compliance status of hosts.
Manage Patches and Upgrades .View Compliance Status VcIntegrity.Updates.com.vmware.vcIntegrity.ViewStatus View baseline compliance information for an object in the vSphere inventory.
Upload File Upload File.Upload upgrade images and offline bundles VcIntegrity.FileUpload.com.vmware.vcIntegrity.ImportFile Upload upgrade images and offline patch bundles.

For more information about managing users, groups, roles, and permissions, see the vSphere Security documentation.

Required Privileges for Using vSphere Configuration Profiles

When you use vSphere Configuration Profiles, you need a different set of privileges for each task.

Table 3. Required Privileges For Using vSphere Configuration Profiles
Task Privilege in the vSphere Client Privilege in the API Description
Create Cluster with vSphere Configuration Profiles enabled

Host.Inventory.CreateCluster

 Host.Inventory.CreateCluster Create a cluster along with its initial configuration.
View Host Settings in the Cluster Configuration VMware vSphere Lifecycle Manager .Desired Configuration Management Privileges.Read-only access to desired configuration management platform VcIntegrity.ClusterConfiguration.View View the draft configuration document, current configuration settings, compliance reports, and pre-check reports.
Check Cluster Compliance
View Compliance Results
Run Remediation Pre-Check
View Remediation Pre-Check Results
View Draft Pre-Check Results
Remediate a Cluster Against the Desired Cluster Configuration VMware vSphere Lifecycle Manager .Desired Configuration Management Privileges.Remediate cluster to the desired configuration. VcIntegrity.ClusterConfiguration.Remediate Remediate a cluster against the draft configuration or transition a cluster to the desired configuration.
Transition to vSphere Configuration Profiles
Export a Configuration or Configuration Schema VMware vSphere Lifecycle Manager .Desired Configuration Management Privileges.Export desired cluster configuration VcIntegrity.ClusterConfiguration.Export Export the desired cluster configuration document.
Extract a Configuration Document from a Reference Host VMware vSphere Lifecycle Manager .Desired Configuration Management Privileges.Modify desired cluster configuration. VcIntegrity.ClusterConfiguration.Modify Modify the desired cluster configuration by crating a draft configuration, extracting a configuration document from a reference host, or importing a configuration.
Create a Draft Configuration for a Cluster
Import a Configuration