Sessions privileges control the ability of extensions to open sessions on the vCenter Server system.
You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.
Note: Assign Sessions privileges only to administrators or trusted users.
| Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
|---|---|---|---|
| Impersonate user | Allows impersonation of another user. This capability is used by extensions. |
Root vCenter Server |
Sessions.ImpersonateUser |
| Message | Allows setting of the global login message. |
Root vCenter Server |
Sessions.GlobalMessage |
| Validate session | Allows verification of session validity. |
Root vCenter Server |
Sessions.ValidateSession |
| View and stop sessions | Allows viewing sessions and forcing log out of one or more logged-on users. |
Root vCenter Server |
Sessions.TerminateSession |
| privilege.StorageProfile.ViewPermissions.label | Allows collecting of sessions. | Root vCenter Server |
Sessions.CollectPrivilegeChecks |
