VMware vSphere Lifecycle Manager Image privileges control the ability to manage images.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Note: Assign privileges that authorize users to invoke VMware vSphere Lifecycle Manager APIs that accept URLs only to administrators or trusted users.
Table 1. VMware vSphere Lifecycle Manager Image Privileges
Privilege Name in the vSphere Client Description Required On Privilege Name in the API
  • Lifecycle Manager: Image Privileges
    • Read
    • Write
 Read allows reading of vSphere Lifecycle Manager images. This privilege is required to:
  • List all the drafts for a cluster
  • Get more information on a draft
  • Perform a scan on a draft
  • Validate a draft
  • Retrieve the contents of a draft
  • Compute the effective component list
  • Get the contents of the current desired state document
  • Start a scan on a cluster
  • Get the compliance result
  • Get a recommendation
  • Export the current desired state as a depot, JSON file, or ISO

Write allows managing of vSphere Lifecycle Manager images. This privilege is required to:

  • Create, delete, or commit a draft
  • Import the desired state
  • Generate recommendations
  • Set or delete different portions of a draft

Root vCenter Server

VcIntegrity.lifecycleSettings.Read

VcIntegrity.lifecycleSettings.Write