Global privileges control global tasks related to tasks, scripts, and extensions.
You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.
| Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
|---|---|---|---|
| Act as vCenter Server | Allows preparation or initiation of a vMotion send operation or a vMotion receive operation. |
Root vCenter Server |
Global.VCServer |
| Cancel task | Allows cancelation of a running or queued task. |
Inventory object related to the task | Global.CancelTask |
| Capacity planning | Allows activating the use of capacity planning for planning consolidation of physical machines to virtual machines. |
Root vCenter Server |
Global.CapacityPlanning |
| Diagnostics | Allows retrieval of a list of diagnostic files, log header, binary files, or diagnostic bundle. To avoid potential security breaches, limit this privilege to the vCenter Server Administrator role. |
Root vCenter Server |
Global.Diagnostics |
| Disable methods | Allows servers for vCenter Server extensions to deactivate certain operations on objects managed by vCenter Server. |
Root vCenter Server |
Global.DisableMethods |
| Enable methods | Allows servers for vCenter Server extensions to activate certain operations on objects managed byvCenter Server. |
Root vCenter Server |
Global.EnableMethods |
| Global tag | Allows adding or removing global tags. |
Root host or vCenter Server |
Global.GlobalTag |
| Health | Allows viewing the health of vCenter Server components. |
Root vCenter Server |
Global.Health |
| Licenses | Allows viewing installed licenses and adding or removing licenses. |
Root host or vCenter Server |
Global.Licenses |
| Log event | Allows logging a user-defined event against a particular managed entity. |
Any object |
Global.LogEvent |
| Manage custom attributes | Allows adding, removing, or renaming custom field definitions. |
Root vCenter Server |
Global.ManageCustomFields |
| Proxy | Allows access to an internal interface for adding or removing endpoints to or from the proxy. |
Root vCenter Server |
Global.Proxy |
| Script action | Allows scheduling a scripted action along with an alarm. |
Any object |
Global.ScriptAction |
| Service managers | Allows use of the resxtop command in ESXCLI. |
Root host or vCenter Server |
Global.ServiceManagers |
| Set custom attribute | Allows viewing, creating, or removing custom attributes for a managed object. |
Any object |
Global.SetCustomField |
| Settings | Allows reading and modifying runtime vCenter Server configuration settings. |
Root vCenter Server |
Global.Settings |
| System tag | Allows adding or removing system tags. | Root vCenter Server |
Global.SystemTag |
