Specifying Roles and Users with the Credential Store
VMware recommends that you apply the
principle of least privilege to any agent-like software or automated
application that uses the credential store in a production environment. Give
user accounts the minimal number of privileges on the system that they require
to do their jobs.
Specify roles and users as follows:
- For each SDK-based application, use one specific role, newly created or predefined, that has appropriate privileges. For example, if you are developing an agent-like application to automatically start the VMware Consolidated Backup utility, you might use the “VMware Consolidated Backup Utility” role (roleID 7). If no predefined user role that meets the needs of your application exists, create a role with only those privileges needed for the application. See Using Roles to Consolidate Sets of Privileges for more information about roles.
- Create a user account for use with the agent or application.
- Store the user account and password in the credential store, using the CredentialStoreAdministration tool. Never grant administrator privileges to a user account associated with an automated script or software agent, especially one that uses the credential store.
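
The following audit sketch is an added example, not VMware code. It checks the rules above against every account held in a credential store: each account must hold exactly one role, and never the Administrator role. The XML element names, the host names, role ID 12 and the flat permission export are assumptions made for illustration; role ID -1 is vSphere's built-in Administrator role.

```python
import xml.etree.ElementTree as ET

ADMIN_ROLE_ID = -1  # vSphere's built-in Administrator role

# Constructed sample. The element names are an assumed credential store
# layout; check them against the file your SDK version actually writes.
CREDSTORE_XML = """<viCredentials>
  <version>1.0</version>
  <passwordEntry><host>esx01.example.test</host><username>vcb-agent</username><password>CONSTRUCTED</password></passwordEntry>
  <passwordEntry><host>esx02.example.test</host><username>root</username><password>CONSTRUCTED</password></passwordEntry>
  <passwordEntry><host>esx03.example.test</host><username>report-agent</username><password>CONSTRUCTED</password></passwordEntry>
</viCredentials>"""

# Constructed permission export: (host, principal, roleId). In practice this
# would come from each host's permission list.
PERMISSIONS = [
    ("esx01.example.test", "vcb-agent", 7),     # roleID 7, as in the text above
    ("esx02.example.test", "root", ADMIN_ROLE_ID),
    ("esx03.example.test", "report-agent", 7),
    ("esx03.example.test", "report-agent", 12),  # hypothetical custom role
]


def stored_accounts(xml_text):
    """Return (host, username) for every entry in the credential store."""
    root = ET.fromstring(xml_text)
    return [(e.findtext("host"), e.findtext("username"))
            for e in root.iter("passwordEntry")]


def audit(xml_text, permissions):
    """Flag stored accounts that are administrators or lack a single role."""
    findings = []
    for host, user in stored_accounts(xml_text):
        roles = sorted({r for h, p, r in permissions if (h, p) == (host, user)})
        if ADMIN_ROLE_ID in roles:
            findings.append((host, user, "administrator role"))
        elif len(roles) != 1:
            findings.append((host, user, f"expected one role, found {len(roles)}"))
    return findings


if __name__ == "__main__":
    for finding in audit(CREDSTORE_XML, PERMISSIONS):
        print(*finding, sep=": ")
```
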