Namespaces privileges control who can create and manage VMware vSphere® with VMware Tanzu™ namespaces.
You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.
| Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
|---|---|---|---|
| Allows disk decommission operations | Allows for decommissioning operations of data stores. | Data stores |
Namespaces.ManageDisks |
| Backup Workloads component files | Allows for backing up the contents of the etcd cluster (used only in VMware Cloud on AWS). | Clusters |
Namespaces.Backup |
| List accessible namespaces | Allows listing the accessible namespaces. | Clusters |
Namespaces.ListAccess |
| Modify cluster-wide configuration | Allows modifying the cluster-wide configuration, and activating and deactivating cluster namespaces. |
Clusters |
Namespaces.Manage |
| Modify cluster-wide namespace self-service configuration | Allows modifying the namespace self-service configuration. | Clusters (for activating and deactivating)Templates (for modifying the configuration)vCenter Server (for creating a template) |
Namespaces.SelfServiceManage |
| Modify namespace configuration | Allows modifying namespace configuration options such as resource allocation and user permissions. |
Clusters |
Namespaces.Configure |
| Toggle cluster capabilities | Allows manipulating the state of cluster capabilities (used internally only for VMware Cloud on AWS). | Clusters |
Namespaces.ManageCapabilities |
| Upgrade clusters to newer versions | Allows initiation of the cluster upgrade. | Clusters |
Namespaces.Upgrade |
