Sessions privileges control the ability of extensions to open sessions on the vCenter Server system.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Note: Assign Sessions privileges only to administrators or trusted users.
Table 1. Session Privileges
Privilege Name in the vSphere Client Description Required On Privilege Name in the API
Impersonate user

Allows impersonation of another user. This capability is used by extensions.

Root vCenter Server


Allows setting of the global login message.

Root vCenter Server

Validate session

Allows verification of session validity.

Root vCenter Server

View and stop sessions

Allows viewing sessions and forcing log out of one or more logged-on users.

Root vCenter Server

privilege.StorageProfile.ViewPermissions.label Allows collecting of sessions.

Root vCenter Server