VMware user privileges

Ops Center Protector VMware Application Guide

Version
7.6.x
Part Number
MK-99PRT004-07
The VMware user specified when interacting with Protector (i.e. in the context of a hypervisor proxy node, Site Recovery Manager SRA or vRealize Orchestrator workflow) must have the following privileges assigned in vSphere:
Tip: Some privilege names have changed subtly between vSphere Client UI versions, so a little interpretation may be required. The names used here are consistent with those specified in https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-esxi-vcenter-server-65-security-guide.pdf
  • Datastore:
    • Allocate space
    • Browse datastore
    • Low level file operations
    • Remove file
    • Rename datastore
    • Update virtual machine files
  • Folder:
    • Create folder
  • Global:
    • Disable methods
    • Enable methods
    • Licenses
    • Log event
    • Manage custom attributes
    • Set custom attribute
  • Host:
    • Configuration:
      • Storage partition configuration
      • Connection Permission (vSphere 7 only)
  • Network:
    • Assign network
    • Configure
  • Resource:
    • Assign virtual machine to resource pool
    • Migrate powered off virtual machine
    • Migrate powered on virtual machine
  • Sessions:
    • Validate session
  • Virtual Machine:
    • Configuration:
      • Add existing disk
      • Add new disk
      • Add or remove device
      • Advanced
      • Change CPU count
      • Change resource
      • Disk change tracking
      • Disk lease
      • Extend virtual disk
      • Host USB device
      • Memory
      • Modify device settings
      • Raw device
      • Reload from path
      • Remove disk
      • Rename
      • Reset guest information
      • Set annotation
      • Settings
      • Swapfile placement
      • Upgrade virtual machine compatibility
    • Guest operations:
      • Guest operation modifications
      • Guest operation program execution
      • Guest operation queries
    • Interaction:
      • Answer question
      • Backup operation on virtual machine
      • Console interaction
      • Device connection
      • Guest operating system management by VIX API
      • Power off
      • Power on
    • Inventory:
      • Create from existing
      • Create new
      • Register
      • Remove
      • Unregister
    • Provisioning:
      • Allow disk access
      • Allow read-only disk access
      • Allow virtual machine download
      • Allow virtual machine files upload
      • Mark as template
      • Mark as virtual machine
    • Snapshot management:
      • Create snapshot
      • Remove snapshot
      • Revert to snapshot
  • dvPort group:
    • Create
    • Delete
  • vApp:
    • Add virtual machine
    • Assign resource pool
    • Unregister
  • vSphere Tagging:
    • Assign or Unassign vSphere Tag
    • Assign or Unassign vSphere Tag on Object (vSphere 7 only)

The System privileges (Anonymous, Read and View) are also required. These are automatically assigned to new and existing roles, but are not visible in the vSphere Client UI.