Permissions privileges control the assigning of roles and permissions.
You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.
| Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
|---|---|---|---|
| Modify permission | Allows defining one or more permission rules on an entity, or updating rules if rules are already present for the given user or group on the entity. To have permission to perform this operation, a user or group must have this privilege assigned in both the object and its parent object. |
Any object plus parent object |
Authorization.ModifyPermissions |
| Modify privilege | Allows modifying a privilege's group or description. No vSphere Client user interface elements are associated with this privilege. |
Any object |
Authorization.ModifyPrivileges |
| Modify role | Allows updating a role's name and the privileges that are associated with the role. |
Any object |
Authorization.ModifyRoles |
| Modify vTContainer | Allows creating, updating, and deleting vTContainer instances. | vTContainer objects | Authorization.ModifyVTContainers |
| Modify vTContainer mappings | Allows creating and deleting a vTContainer mapping. | vTContainer mapping objects | Authorization.ModifyVTContainerMappings |
| Reassign role permissions | Allows reassigning all permissions of a role to another role. |
Any object |
Authorization.ReassignRolePermissions |
