To configure your vCenter Adapter instance in vRealize Operations Manager, you need sufficient privileges to monitor and collect data and to perform vCenter Server actions. You can configure these permissions as a single role in vCenter Server to be used by a single service account or configure them as two independent roles for two separate service accounts.

The vCenter Adapter instance monitors and collects data from vCenter Server and the vCenter Action adapter performs some actions in vCenter Server. So, for monitoring or collecting vCenter Server inventory and their metrics and properties, the vCenter Adapter instance needs credentials with the following privileges enabled in vCenter Server.

Table 1. Privileges for Configuring a vCenter Adapter: Monitoring and Data Collection
Task Privilege

Property Collection

System > Anonymous

Note: When you add a custom role and do not assign any privileges to it, the role is created as a Read Only role with three system-defined privileges: System.Anonymous, System.View, and System.Read. See, Using Roles to Assign Privileges .

Objects Discovery

Events Collection

Profile-Driven Storage > View

Storage views > View

Profile-Driven Storage > Profile-Driven Storage View

Datastore > Browse Datastore

System > View
Note: This permission is provided with the Read-Only role.
Performance Metrics Collection

Performance > Modify intervals

System > Read
Note: This permission is provided with the Read-Only role.
Service Discovery Virtual Machine > Guest Operations > Guest Operation alias modification

Virtual Machine > Guest Operations > Guest Operation alias query

Virtual Machine > Guest Operations > Guest Operation modifications

Virtual Machine > Guest Operations > Guest Operation program execution

Virtual Machine > Guest Operations > Guest Operation queries

Tag Collection

Global > Global tag

Global > Global health

Global > Manage custom attributes
Note: This privilege is required only if the tags are associated with custom attributes.

Global > System tag

Global > Set custom attribute

Table 2. Privileges for Configuring a vCenter Adapter: Performing vCenter Server Actions
Task Privilege
Set CPU Count for VM Virtual Machine > Configuration > Change CPU Count
Set CPU Resources for VM Virtual Machine > Configuration > Change Resource
Set Memory for VM Virtual Machine > Configuration > Change Memory
Set Memory Resources for VM Virtual Machine > Configuration > Change Resource
Delete Idle VM Virtual machine > Edit Inventory > Remove
Delete Powered Off VM Virtual machine > Edit Inventory > Remove
Create Snapshot for VM Virtual Machine > Snapshot Management > Create Snapshot
Delete Unused Snapshots for Datastore Virtual Machine > Snapshot Management > Remove Snapshot
Delete Unused Snapshot for VM Virtual Machine > Snapshot Management > Remove Snapshot
Power Off VM Virtual Machine > Interaction > Power Off
Power On VM Virtual Machine > Interaction > Power On
Shut Down Guest OS for VM Virtual Machine > Interaction > Power Off
Move VM
  • Resource > Assign Virtual Machine to Resource Pool
  • Resource > Migrate Powered Off Virtual Machine
  • Resource > Migrate Powered On Virtual Machine
  • Datastore > Allocate Space
Note: Combining these four permissions allows the service account to perform Storage vMotion and regular vMotion of an object therefore allowing vRealize Operations Manager to perform the given operations.
Optimize Container
  • Resource > Assign Virtual Machine to Resource Pool
  • Resource > Migrate Powered Off Virtual Machine
  • Resource > Migrate Powered On Virtual Machine
  • Datastore > Allocate Space
Schedule Optimize Container
  • Resource > Assign Virtual Machine to Resource Pool
  • Resource > Migrate Powered Off Virtual Machine
  • Resource > Migrate Powered On Virtual Machine
  • Datastore > Allocate Space
Set DRS Automation Host > Inventory > Modify Cluster
Provide data to vSphere Predictive DRS

External stats provider > Update

External stats provider > Register

External stats provider > Unregister

For more information about tasks and privileges, see Required Privileges for Common Tasks in the vSphere Virtual Machine Administration Guide and Defined Privileges in the vSphere Security Guide.