Host local operations privileges control actions performed when the VMware Host Client is connected directly to a host.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Table 1. Host Local Operations Privileges
Privilege Name in the vSphere Client Description Required On Privilege Name in the API
  • Local operations
    • Add host to vCenter

Allows installation and removal of vCenter agents, such as vpxa and aam, on a host.

Root host

Host.Local.InstallAgent
  • Local operations
    • Create virtual machine

Allows creation of a new virtual machine from scratch on a disk without registering it on the host.

Root host

Host.Local.CreateVM
  • Local operations
    • Delete virtual machine

Allows deletion of a virtual machine on disk. Supported for registered and unregistered virtual machines.

Root host

Host.Local.DeleteVM
  • Local operations
    • Manage user groups

Allows management of local accounts on a host.

Root host

Host.Local.ManageUserGroups
  • Local operations
    • Reconfigure virtual machine

Allows reconfiguring a virtual machine.

Root host

Host.Local.ReconfigVM