vSphere endpoint credentials, or the credentials under which the agent service runs, must have administrative access to the installation host. Multiple vSphere agents must meet vRealize Automation configuration requirements.


When creating an endpoint representing the vCenter Server instance to be managed by a vSphere agent, the agent can use the credentials that the service is running under to interact with the vCenter Server or specify separate endpoint credentials.

The VApp.Import privilege allows you to deploy a vSphere machine by using settings imported from an OVF. Details about this vSphere privilege are available in the vSphere SDK documentation. If you plan to use a vSphere endpoint to deploy VMs from OVF templates, verify that your credentials include the vSphere privilege VApp.Import in the vCenter Server that is associated with the endpoint.

The following table lists the permissions that the vSphere endpoint credentials must have to manage a vCenter Server instance. The permissions must be enabled for all clusters in vCenter Server, not just clusters that will host endpoints.

Table 1. Permissions Required for vSphere Agent to Manage vCenter Server Instance
Attribute Value Permission
Datastore Allocate Space
Browse Datastore
Datastore Cluster Configure a Datastore Cluster
Folder Create Folder
Delete Folder
Global Manage Custom Attributes
Set Custom Attribute
Network Assign Network
Permissions Modify Permission


vApp application configuration

Resource Assign VM to Res Pool
Migrate Powered Off Virtual Machine
Migrate Powered On Virtual Machine
Virtual Machine Inventory Create from existing
Create New
Interaction Configure CD Media
Console Interaction
Device Connection
Power Off
Power On
Tools Install
Configuration Add Existing Disk
Add New Disk
Add or Remove Device
Remove Disk
Change CPU Count
Change Resource
Extend Virtual Disk
Disk Change Tracking
Modify Device Settings
Set Annotation (version 5.0 and later)
Swapfile Placement
Provisioning Customize
Clone Template
Clone Virtual Machine
Deploy Template
Read Customization Specs
State Create Snapshot
Remove Snapshot
Revert to Snapshot

Disable or reconfigure any third-party software that might change the power state of virtual machines outside of vRealize Automation. Such changes can interfere with the management of the machine life cycle by vRealize Automation.