Content Libraries provide simple and effective management for virtual machine templates and vApps. Content library privileges control who can view or manage different aspects of content libraries.
You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.
Note: Inheritance of permissions for content libraries works in the context of a single
vCenter Server instance. However, content libraries are not direct children of a
vCenter Server system from an inventory perspective. The direct parent for content libraries is the global root. This relationship means that if you set a permission at a
vCenter Server level and propagate it to the children objects, the permission applies to data centers, folders, clusters, hosts, virtual machines, and so on, but does not apply to the content libraries that you see and operate with in this
vCenter Server instance. To assign a permission on a content library, an Administrator must grant the permission to the user as a global permission. Global permissions support assigning privileges across solutions from a global root object.
| Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
|---|---|---|---|
| Add library item | Allows addition of items in a library. | Library | ContentLibrary.AddLibraryItem |
| Add root certificate to trust store | Allows addition of root certificates to the Trusted Root Certificates Store. | vCenter Server | ContentLibrary.AddCertToTrustStore |
| Check in a template | Allows checking in of templates. | Library | ContentLibrary.CheckInTemplate |
| Check out a template | Allows checking out of templates. | Library | ContentLibrary.CheckOutTemplate |
| Create a subscription for a published library | Allows creation of a library subscription. | Library | ContentLibrary.AddSubscription |
| Create local library | Allows creation of local libraries on the specified vCenter Server system. | vCenter Server | ContentLibrary.CreateLocalLibrary |
| Create or delete a Harbor registry | Allows creation or deletion of the VMware Tanzu Harbor Registry service. | vCenter Server for creation. Registry for deletion. | ContentLibrary.ManageRegistry |
| Create subscribed library | Allows creation of subscribed libraries. | vCenter Server | ContentLibrary.CreateSubscribedLibrary |
| Create, delete or purge a Harbor registry project | Allows creation, deletion, or purging of VMware Tanzu Harbor Registry projects. | Registry | ContentLibrary.ManageRegistryProject |
| Delete library item | Allows deletion of library items. | Library. Set this permission to propagate to all library items. |
ContentLibrary.DeleteLibraryItem |
| Delete local library | Allows deletion of a local library. | Library | ContentLibrary.DeleteLocalLibrary |
| Delete root certificate from trust store | Allows deletion of root certificates from the Trusted Root Certificates Store. | vCenter Server | ContentLibrary.DeleteCertFromTrustStore |
| Delete subscribed library | Allows deletion of a subscribed library. | Library | ContentLibrary.DeleteSubscribedLibrary |
| Delete subscription of a published library | Allows deletion of a subscription to a library. | Library | ContentLibrary.DeleteSubscription |
| Download files | Allows download of files from the content library. | Library | ContentLibrary.DownloadSession |
| Evict library item | Allows eviction of items. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library item by evicting it if you have this privilege. | Library. Set this permission to propagate to all library items. |
ContentLibrary.EvictLibraryItem |
| Evict subscribed library | Allows eviction of a subscribed library. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library by evicting it if you have this privilege. | Library | ContentLibrary.EvictSubscribedLibrary |
| Import Storage | Allows a user to import a library item if the source file URL starts with ds:// or file://. This privilege is deactivated for content library administrator by default. Because an import from a storage URL implies import of content, activate this privilege only if necessary and if no security concern exists for the user who performs the import. |
Library | ContentLibrary.ImportStorage |
| Manage Harbor registry resources on specified compute resource | Allows management of VMware Tanzu Harbor Registry resources. | Compute cluster | ContentLibrary.ManageClusterRegistryResource |
| Probe subscription information | This privilege allows solution users and APIs to probe a remote library's subscription info including URL, SSL certificate, and password. The resulting structure describes whether the subscription configuration is successful or whether there are problems such as SSL errors. | Library | ContentLibrary.ProbeSubscription |
| Publish a library item to its subscribers | Allows publication of library items to subscribers. | Library. Set this permission to propagate to all library items. |
ContentLibrary.PublishLibraryItem |
| Publish a library to its subscribers | Allows publication of libraries to subscribers. | Library | ContentLibrary.PublishLibrary |
| Read storage | Allows reading of content library storage. | Library | ContentLibrary.ReadStorage |
| Sync library item | Allows synchronization of library items. | Library. Set this permission to propagate to all library items. |
ContentLibrary.SyncLibraryItem |
| Sync subscribed library | Allows synchronization of subscribed libraries. | Library | ContentLibrary.SyncLibrary |
| Type introspection | Allows a solution user or API to introspect the type support plug-ins for the content library service. | Library | ContentLibrary.TypeIntrospection |
| Update configuration settings | Allows you to update the configuration settings. No vSphere Client user interface elements are associated with this privilege. |
Library | ContentLibrary.UpdateConfiguration |
| Update files | Allows you to upload content into the content library. Also allows you to remove files from a library item. | Library | ContentLibrary.UpdateSession |
| Update library | Allows updates to the content library. | Library | ContentLibrary.UpdateLibrary |
| Update library item | Allows updates to library items. | Library. Set this permission to propagate to all library items. |
ContentLibrary.UpdateLibraryItem |
| Update local library | Allows updates of local libraries. | Library | ContentLibrary.UpdateLocalLibrary |
| Update subscribed library | Allows you to update the properties of a subscribed library. | Library | ContentLibrary.UpdateSubscribedLibrary |
| Update subscription of a published library | Allows updates of subscription parameters. Users can update parameters such as the subscribed library's vCenter Server instance specification and placement of its virtual machine template items. | Library | ContentLibrary.UpdateSubscription |
| View configuration settings | Allows you to view the configuration settings. No vSphere Client user interface elements are associated with this privilege. |
Library | ContentLibrary.GetConfiguration |
