Overview
You are interested in understanding what are the minimal vCenter privileges/permissions are needed for the Installer and Management Console.
Information
Note: Testing was done on vSphere 6.7 Update 3.
Minimal Privileges Required by the Installer:
To deploy the installer:
- Datastore > Allocate space
- Network > Assign network
- Virtual machine > Configuration > Add new disk
- Virtual machine > Configuration > Advanced configuration
- vApp > Import
To power on Management:
- Virtual machine > Interaction > Power on
The installed Management Console needs to be able to connect to and scan vCenter for the installer to complete:
- Profile-driven storage > Profile-driven storage view
Minimal Privileges Required by the Management Console:
The Management Console requirements:
-
- Alarms > All Alarms Privileges (for vCenter alarm operations)
- Profile-driven storage > Profile-driven storage update (for add/remove/modify storage policies)
- Profile-driven storage > Profile-driven storage view (for connecting to vCenter)
- Global > Diagnostics (for support bundle)
- Host > CIM > CIM interaction (for talking to hosts)
- Host > Configuration > Maintenance (for uninstall I/O filters)
- Host > Configuration > Query patch (for install/uninstall/remove I/O filters)
- Virtual machine > Change Configuration > Change Settings (for accelerate/decelerate)