vSphere Tagging privileges control the ability to create and delete tags and tag categories, and assign and remove tags on vCenter Server inventory objects.
You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.
| Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
|---|---|---|---|
| Assign or Unassign vSphere Tag | Allows assignment or unassignment of a tag for an object in the vCenter Server inventory. |
Any object |
InventoryService.Tagging.AttachTag |
| Assign or Unassign vSphere Tag on Object | Allows objects to have tags assigned or unassigned. Use this privilege to limit which objects users are able to assign or unassign tags to. | Any object |
InventoryService.Tagging.ObjectAttachable |
| Create vSphere Tag | Allows creation of a tag. |
Any object |
InventoryService.Tagging.CreateTag |
| Create vSphere Tag Category | Allows creation of a tag category. |
Any object |
InventoryService.Tagging.CreateCategory |
| Delete vSphere Tag | Allows deletion of a tag. |
Any object |
InventoryService.Tagging.DeleteTag |
| Delete vSphere Tag Category | Allows deletion of a tag category. | Any object |
InventoryService.Tagging.DeleteCategory |
| Edit vSphere Tag | Allows editing of a tag. |
Any object |
InventoryService.Tagging.EditTag |
| Edit vSphere Tag Category | Allows editing of a tag category. |
Any object |
InventoryService.Tagging.EditCategory |
| Modify UsedBy Field for Category | Allows changing the UsedBy field for a tag category. |
Any object |
InventoryService.Tagging.ModifyUsedByForCategory |
| Modify UsedBy Field for Tag | Allows changing the UsedBy field for a tag. |
Any object |
InventoryService.Tagging.ModifyUsedByForTag |
