In some environments, it may be necessary to provide CloudBolt with a vCenter user account following the principle of least privilege. In those cases, the vSphere admin will need to provision an account for CloudBolt using a role with a specific set of privileges.
Below is a listing of the minimum required privileges for CloudBolt to function in vCenter:
Datastore.AllocateSpace |
Datastore.Browse |
Datastore.Config |
Datastore.FileManagement |
Datastore.UpdateVirtualMachineFiles |
Datastore.UpdateVirtualMachineMetadata |
Folder.Create |
Folder.Delete |
Folder.Move |
Folder.Rename |
Network.Assign |
Resource.ApplyRecommendation |
Resource.AssignVMToPool |
Resource.QueryVMotion |
StoragePod.Config |
System.Anonymous |
System.Read |
System.View |
Task.Create |
Task.Update |
VApp.ApplicationConfig |
VApp.AssignResourcePool |
VApp.AssignVApp |
VApp.AssignVM |
VApp.Clone |
VApp.Create |
VApp.Delete |
VApp.Export |
VApp.ExtractOvfEnvironment |
VApp.Import |
VApp.InstanceConfig |
VApp.ManagedByConfig |
VApp.Move |
VApp.PowerOff |
VApp.PowerOn |
VApp.Rename |
VApp.ResourceConfig |
VApp.Suspend |
VApp.Unregister |
VirtualMachine.Config.AddExistingDisk |
VirtualMachine.Config.AddNewDisk |
VirtualMachine.Config.AddRemoveDevice |
VirtualMachine.Config.AdvancedConfig |
VirtualMachine.Config.Annotation |
VirtualMachine.Config.ChangeTracking |
VirtualMachine.Config.CPUCount |
VirtualMachine.Config.DiskExtend |
VirtualMachine.Config.DiskLease |
VirtualMachine.Config.EditDevice |
VirtualMachine.Config.HostUSBDevice |
VirtualMachine.Config.ManagedBy |
VirtualMachine.Config.Memory |
VirtualMachine.Config.MksControl |
VirtualMachine.Config.QueryFTCompatibility |
VirtualMachine.Config.QueryUnownedFiles |
VirtualMachine.Config.RawDevice |
VirtualMachine.Config.ReloadFromPath |
VirtualMachine.Config.RemoveDisk |
VirtualMachine.Config.Rename |
VirtualMachine.Config.ResetGuestInfo |
VirtualMachine.Config.Resource |
VirtualMachine.Config.Settings |
VirtualMachine.Config.SwapPlacement |
VirtualMachine.Config.Unlock |
VirtualMachine.Config.UpgradeVirtualHardware |
VirtualMachine.GuestOperations.Execute |
VirtualMachine.GuestOperations.Modify |
VirtualMachine.GuestOperations.Query |
VirtualMachine.Interact.DeviceConnection |
VirtualMachine.Interact.PowerOff |
VirtualMachine.Interact.PowerOn |
VirtualMachine.Interact.Reset |
VirtualMachine.Interact.ConsoleInteract |
VirtualMachine.Interact.SetCDMedia |
VirtualMachine.Interact.SetFloppyMedia |
VirtualMachine.Inventory.Create |
VirtualMachine.Inventory.CreateFromExisting |
VirtualMachine.Inventory.Delete |
VirtualMachine.Inventory.Move |
VirtualMachine.Inventory.Register |
VirtualMachine.Inventory.Unregister |
VirtualMachine.Provisioning.Clone |
VirtualMachine.Provisioning.CloneTemplate |
VirtualMachine.Provisioning.CreateTemplateFromVM |
VirtualMachine.Provisioning.Customize |
VirtualMachine.Provisioning.DeployTemplate |
VirtualMachine.Provisioning.DiskRandomAccess |
VirtualMachine.Provisioning.DiskRandomRead |
VirtualMachine.Provisioning.GetVmFiles |
VirtualMachine.Provisioning.MarkAsTemplate |
VirtualMachine.Provisioning.MarkAsVM |
VirtualMachine.Provisioning.ModifyCustSpecs |
VirtualMachine.Provisioning.PromoteDisks |
VirtualMachine.Provisioning.PutVmFiles |
VirtualMachine.Provisioning.ReadCustSpecs |
VirtualMachine.State.CreateSnapshot |
VirtualMachine.State.RemoveSnapshot |
VirtualMachine.State.RenameSnapshot |
VirtualMachine.State.RevertToSnapshot |
0 Comments