vSphere endpoint credentials, or the credentials under which the agent service runs, must have administrative access to the installation host. Multiple vSphere agents must meet vRealize Automation configuration requirements.
When creating an endpoint representing the vCenter Server instance to be managed by a vSphere agent, the agent can use the credentials that the service is running under to interact with the vCenter Server or specify separate endpoint credentials.
The VApp.Import privilege allows you to deploy a vSphere machine by using settings imported from an OVF. Details about this vSphere privilege are available in the vSphere SDK documentation. If you plan to use a vSphere endpoint to deploy VMs from OVF templates, verify that your credentials include the vSphere privilege VApp.Import in the vCenter Server that is associated with the endpoint.
The following table lists the permissions that the vSphere endpoint credentials must have to manage a vCenter Server instance. The permissions must be enabled for all clusters in vCenter Server, not just clusters that will host endpoints.
|Datastore Cluster||Configure a Datastore Cluster|
|Global||Manage Custom Attributes|
|Set Custom Attribute|
vApp application configuration
|Resource||Assign VM to Res Pool|
|Migrate Powered Off Virtual Machine|
|Migrate Powered On Virtual Machine|
|Virtual Machine||Inventory||Create from existing|
|Interaction||Configure CD Media|
|Configuration||Add Existing Disk|
|Add New Disk|
|Add or Remove Device|
|Change CPU Count|
|Extend Virtual Disk|
|Disk Change Tracking|
|Modify Device Settings|
|Set Annotation (version 5.0 and later)|
|Clone Virtual Machine|
|Read Customization Specs|
|Revert to Snapshot|
Disable or reconfigure any third-party software that might change the power state of virtual machines outside of vRealize Automation. Such changes can interfere with the management of the machine life cycle by vRealize Automation.