To configure your vCenter Adapter instance in vRealize Operations, you need sufficient privileges to monitor and collect data and to perform vCenter Server actions. You can configure these permissions as a single role in vCenter Server to be used by a single service account or configure them as two independent roles for two separate service accounts.

Task | Privilege |
---|---|
Property Collection | System > Anonymous<br>Note: This privilege is added automatically when you create a user account. However, this privilege is not visible in vSphere. |
Objects Discovery Events Collection | Profile-Driven Storage > View<br>Storage views > View<br>Profile-Driven Storage > Profile-Driven Storage View<br>Datastore > Browse Datastore<br>System > View<br>Note: This privilege is added automatically when you create a user account. However, this privilege is not visible in vSphere. |
Performance Metrics Collection | Performance > Modify intervals<br>System > Read<br>Note: This privilege is added automatically when you create a user account. However, this privilege is not visible in vSphere. |
Service Discovery | For credential-based service discovery:<br>Virtual Machine > Guest Operations > Guest Operation alias modification<br>Virtual Machine > Guest Operations > Guest Operation alias query<br>Virtual Machine > Guest Operations > Guest Operation modifications<br>Virtual Machine > Guest Operations > Guest Operation program execution<br>Virtual Machine > Guest Operations > Guest Operation queries<br>For credential-less service discovery:<br>Virtual machine > Service configuration > Manage service configurations<br>Virtual machine > Service configuration > Modify service configuration<br>Virtual machine > Service configuration > Query service configurations<br>Virtual machine > Service configuration > Read service configuration |
VC Plugin | Extension > Register extension<br>Extension > Unregister extension<br>Extension > Update extension |
Orphaned Disk | Datastore > Browse datastore |
Authentication on vRealize Operations using VC User and apply actions | privilege.Global.com.vmware.label > vRealize Operations Read Only Role<br>privilege.Global.com.vmware.label > vRealize Operations Power User Role |
Reboot Guest OS for VM | Virtual machine > Interaction > Reset |
Optimize Container | Resource > Assign Virtual Machine to Resource Pool<br>Resource > Migrate Powered Off Virtual Machine<br>Resource > Migrate Powered On Virtual Machine<br>Datastore > Allocate Space<br>Virtual machine > Edit Inventory > Move |
Schedule Optimize Container | Resource > Assign Virtual Machine to Resource Pool<br>Resource > Migrate Powered Off Virtual Machine<br>Resource > Migrate Powered On Virtual Machine<br>Datastore > Allocate Space<br>Virtual machine > Edit Inventory > Move |
Provide data to vSphere Predictive DRS | External stats provider > Update<br>External stats provider > Register<br>External stats provider > Unregister<br>vSphere Stats Privileges > Collect Stats Data<br>vSphere Stats Privileges > Modify Stats Configuration<br>vSphere Stats Privileges > Query Stats Data |
Tag Collection | Global > Global tag<br>Global > Global health<br>Global > Manage custom attributes<br>Note: This privilege is required only if the tags are associated with custom attributes.<br>Global > System tag<br>Global > Set custom attribute |
Monitoring and collecting data from vSphere with Tanzu | Administrator<br>Note: Users with a Non-Administrator or custom role must be added to the ServiceProviderUsers group.<br>Administrator > Single Sign On > Users and Groups > Groups.<br>ServiceProviderUsers is a group in the vCenter Server Single Sign-On domain. Members of this group can manage the vSphere with Tanzu and VMware Cloud on AWS infrastructure. |

Task | Privilege |
---|---|
Set CPU Count for VM | Virtual Machine > Configuration > Change CPU Count |
Set CPU Resources for VM | Virtual Machine > Configuration > Change Resource |
Set Memory for VM | Virtual Machine > Configuration > Change Memory |
Set Memory Resources for VM | Virtual Machine > Configuration > Change Resource |
Delete Idle VM | Virtual machine > Edit Inventory > Remove |
Delete Powered Off VM | Virtual machine > Edit Inventory > Remove |
Create Snapshot for VM | Virtual Machine > Snapshot Management > Create Snapshot |
Delete Unused Snapshots for Datastore | Virtual Machine > Snapshot Management > Remove Snapshot |
Delete Unused Snapshot for VM | Virtual Machine > Snapshot Management > Remove Snapshot |
Power Off VM | Virtual Machine > Interaction > Power Off |
Power On VM | Virtual Machine > Interaction > Power On |
Shut Down Guest OS for VM | Virtual Machine > Interaction > Power Off |
Move VM | Note: Combining these four permissions allows the service account to perform Storage vMotion and regular vMotion of an object, therefore allowing vRealize Operations to perform the given operations. |
Optimize Container | |
Schedule Optimize Container | |
Set DRS Automation | Host > Inventory > Modify Cluster |
Provide data to vSphere Predictive DRS | External stats provider > Update<br>External stats provider > Register<br>External stats provider > Unregister |

For more information about tasks and privileges, see Required Privileges for Common Tasks in the vSphere Virtual Machine Administration Guide and Defined Privileges in the vSphere Security Guide.
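
A least-privilege check for the one-role or two-role setup described in the introduction, as an added example that is not part of the VMware documentation: it compares the privilege IDs granted to a role with what its enabled tasks need. Assumptions: the privilege IDs are the assumed vSphere API identifiers for the UI labels in the tables (confirm them in your vCenter Server), the split of tasks between a collection role and an actions role is this example's choice, and the sample role is constructed.

```python
"""Audit a vCenter role against the tasks a vRealize Operations service account needs."""

# Task -> privilege IDs. Task names come from the tables above; the IDs are the
# assumed vSphere API identifiers for those UI labels (verify in your vCenter).
COLLECTION_TASKS = {
    "Performance Metrics Collection": {"Performance.ModifyIntervals"},
    "Orphaned Disk": {"Datastore.Browse"},
}
ACTION_TASKS = {
    "Set CPU Count for VM": {"VirtualMachine.Config.CPUCount"},
    "Set Memory for VM": {"VirtualMachine.Config.Memory"},
    "Create Snapshot for VM": {"VirtualMachine.State.CreateSnapshot"},
    "Delete Unused Snapshot for VM": {"VirtualMachine.State.RemoveSnapshot"},
    "Delete Powered Off VM": {"VirtualMachine.Inventory.Delete"},
    "Power Off VM": {"VirtualMachine.Interact.PowerOff"},
    "Power On VM": {"VirtualMachine.Interact.PowerOn"},
    "Set DRS Automation": {"Host.Inventory.EditCluster"},
}
# Added automatically to every account and not visible in vSphere, so never flagged.
IMPLICIT = {"System.Anonymous", "System.View", "System.Read"}


def privileges_for(tasks, catalog):
    """Union of privilege IDs for the given tasks; unknown task names raise KeyError."""
    return set().union(*(catalog[t] for t in tasks))


def audit_role(granted, enabled_tasks, own_catalog, other_catalog):
    """Compare a role's granted privileges with what its enabled tasks need."""
    need = privileges_for(enabled_tasks, own_catalog)
    have = set(granted) - IMPLICIT
    other = privileges_for(other_catalog, other_catalog) - need
    return {
        "missing": sorted(need - have),         # an enabled task will fail
        "other_role": sorted(have & other),     # belongs to the other service account
        "excess": sorted(have - need - other),  # not required by any listed task
    }


# Constructed sample: privilege IDs exported from a role meant for collection only.
SAMPLE_COLLECTION_ROLE = [
    "System.Anonymous", "System.View", "System.Read",
    "Performance.ModifyIntervals",
    "VirtualMachine.Interact.PowerOff",
    "Global.Licenses",
]

if __name__ == "__main__":
    report = audit_role(SAMPLE_COLLECTION_ROLE, list(COLLECTION_TASKS), COLLECTION_TASKS, ACTION_TASKS)
    for finding, ids in report.items():
        print(f"{finding}: {ids}")
```

Extend the two catalogs with the remaining table rows you actually enable before using the result to trim a production role.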