The following tables list the default privileges that, when selected for a role, can be paired with a user and assigned to an object.

When setting permissions, verify all the object types are set with appropriate privileges for each particular action. Some operations require access permission at the root folder or parent folder in addition to access to the object being manipulated. Some operations require access or performance permission at a parent folder and a related object. See also Privilege Recorder.

vCenter Server extensions might define additional privileges not listed here. Refer to the documentation for the extension for more information on those privileges.