Privileges Required for Inventory Management

Navigating the inventory requires a user account that can connect to the server and obtain a valid session. The user identity associated with the session is called a principal. When a client application attempts to access an object in the inventory, the server checks the permission object or objects and compares the permissions with the principal’s privileges.
For example, creating a virtual machine requires that the principal associated with the session have the following privileges:
  • The VirtualMachine.Inventory.Create privilege on the folder in which to create the virtual machine.
  • The Resource.AssignVMToPool privilege on the resource pool from which the virtual machine obtains its allocation of CPU and memory resources.
Reading the perfCounter property of the PerformanceManager managed object requires the System.View privilege on the root folder.
Some privileges are specific to objects on vCenter Server or specific to ESXi. For example, the Alarm.Create privilege associated with AlarmManager is available only through vCenter Server systems.
See Authentication and Authorization for more information on authentication, authorization, roles, and user identity.
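
The following added example (not part of the original documentation or the SDK) is an offline model of the check described above, useful for auditing whether a least-privilege service account holds exactly the privileges an operation needs on the right objects. The privilege IDs come from this page; the inventory names, role names, the svc-deploy principal, the single-parent tree and the propagate inheritance rule are assumptions of the model.

```python
from dataclasses import dataclass

# (privilege ID, object it must be held on) per operation, as listed on this page.
REQUIRED = {
    "create_vm": [("VirtualMachine.Inventory.Create", "folder"),
                  ("Resource.AssignVMToPool", "resource_pool")],
    "read_perfCounter": [("System.View", "root_folder")],
}

@dataclass(frozen=True)
class Permission:
    """Simplified stand-in for a permission object: one role for one principal on one entity."""
    entity: str
    principal: str
    role: str
    propagate: bool = True  # assumption: permission also applies to child objects

def effective_privileges(principal, entity, permissions, roles, parent):
    """Walk from the entity towards the root; the nearest applicable permission wins."""
    node, direct = entity, True
    while node is not None:
        for p in permissions:
            if p.entity == node and p.principal == principal and (direct or p.propagate):
                return set(roles[p.role])
        node, direct = parent.get(node), False
    return set()

def missing_privileges(operation, principal, targets, permissions, roles, parent):
    """Return the (privilege, entity) pairs the principal still lacks for the operation."""
    return [(priv, targets[slot]) for priv, slot in REQUIRED[operation]
            if priv not in effective_privileges(principal, targets[slot],
                                                permissions, roles, parent)]

# Constructed sample inventory, roles and permissions (not from a real system).
PARENT = {"root": None, "dc1": "root", "vm-folder": "dc1", "pool-a": "dc1"}
ROLES = {"ViewRoot": ["System.View"],
         "VMCreator": ["System.View", "VirtualMachine.Inventory.Create"],
         "PoolUser": ["Resource.AssignVMToPool"]}
PERMS = [Permission("root", "svc-deploy", "ViewRoot", propagate=False),
         Permission("vm-folder", "svc-deploy", "VMCreator")]
TARGETS = {"folder": "vm-folder", "resource_pool": "pool-a", "root_folder": "root"}

if __name__ == "__main__":
    for op in REQUIRED:
        print(op, missing_privileges(op, "svc-deploy", TARGETS, PERMS, ROLES, PARENT))
```

With the sample data the account can read perfCounter but cannot create a virtual machine, because the folder privilege alone is not enough without Resource.AssignVMToPool on the resource pool.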