Minimum Required Permissions in vCenter/ VMware

In some environments, it may be necessary to provide CloudBolt with a vCenter user account following the principle of least privilege. In those cases, the vSphere admin will need to provision an account for CloudBolt using a role with a specific set of privileges.

Below is a listing of the minimum required privileges for CloudBolt to function in vCenter:

Name of Vcenter Permissions Required for Service Account	CMP Functionality by Category
Datastore.AllocateSpace	Provisioning VM
Datastore.Browse	Provisioning VM
Datastore.Config	Provisioning VM
Datastore.FileManagement	Provisioning VM
Datastore.UpdateVirtualMachineFiles	Provisioning VM
Datastore.UpdateVirtualMachineMetadata	Provisioning VM
Folder.Create	Provisioning VM
Folder.Delete	Provisioning VM
Folder.Move	Provisioning VM
Folder.Rename	Provisioning VM
Network.Assign	Provisioning VM
Resource.ApplyRecommendation	Provisioning VM
Resource.AssignVMToPool	Provisioning VM
Resource.QueryVMotion	Provisioning VM/ Sync VM
StoragePod.Config
System.Anonymous	Read managed object data during or after Provisioning VM
System.Read	Read managed object data during or after Provisioning VM
System.View	Read managed object data during or after Provisioning VM
Task.Create	Create VM related tasks in vcenter
Task.Update	Update VM related tasks in vcenter
VApp.ApplicationConfig	Provisioning VM
VApp.AssignResourcePool	Provisioning VM
VApp.AssignVApp
VApp.AssignVM
VApp.Clone
VApp.Create
VApp.Delete
VApp.Export
VApp.ExtractOvfEnvironment
VApp.Import
VApp.InstanceConfig
VApp.ManagedByConfig
VApp.Move
VApp.PowerOff
VApp.PowerOn
VApp.Rename
VApp.ResourceConfig
VApp.Suspend
VApp.Unregister
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.AddRemoveDevice
VirtualMachine.Config.AdvancedConfig
VirtualMachine.Config.Annotation
VirtualMachine.Config.ChangeTracking
VirtualMachine.Config.CPUCount
VirtualMachine.Config.DiskExtend
VirtualMachine.Config.DiskLease
VirtualMachine.Config.EditDevice
VirtualMachine.Config.HostUSBDevice
VirtualMachine.Config.ManagedBy
VirtualMachine.Config.Memory
VirtualMachine.Config.MksControl
VirtualMachine.Config.QueryFTCompatibility
VirtualMachine.Config.QueryUnownedFiles
VirtualMachine.Config.RawDevice
VirtualMachine.Config.ReloadFromPath
VirtualMachine.Config.RemoveDisk
VirtualMachine.Config.Rename
VirtualMachine.Config.ResetGuestInfo
VirtualMachine.Config.Resource
VirtualMachine.Config.Settings
VirtualMachine.Config.SwapPlacement
VirtualMachine.Config.Unlock
VirtualMachine.Config.UpgradeVirtualHardware
VirtualMachine.GuestOperations.Execute
VirtualMachine.GuestOperations.Modify
VirtualMachine.GuestOperations.Query
VirtualMachine.Interact.DeviceConnection
VirtualMachine.Interact.PowerOff
VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.Reset
VirtualMachine.Interact.ConsoleInteract
VirtualMachine.Interact.SetCDMedia
VirtualMachine.Interact.SetFloppyMedia
VirtualMachine.Inventory.Create
VirtualMachine.Inventory.CreateFromExisting
VirtualMachine.Inventory.Delete
VirtualMachine.Inventory.Move
VirtualMachine.Inventory.Register
VirtualMachine.Inventory.Unregister
VirtualMachine.Provisioning.Clone
VirtualMachine.Provisioning.CloneTemplate
VirtualMachine.Provisioning.CreateTemplateFromVM
VirtualMachine.Provisioning.Customize
VirtualMachine.Provisioning.DeployTemplate
VirtualMachine.Provisioning.DiskRandomAccess
VirtualMachine.Provisioning.DiskRandomRead
VirtualMachine.Provisioning.GetVmFiles
VirtualMachine.Provisioning.MarkAsTemplate
VirtualMachine.Provisioning.MarkAsVM
VirtualMachine.Provisioning.ModifyCustSpecs	Provisioning VM/Day 2 actions
VirtualMachine.Provisioning.PromoteDisks	Provisioning VM
VirtualMachine.Provisioning.PutVmFiles	Provisioning VM
VirtualMachine.Provisioning.ReadCustSpecs	Provisioning VM
VirtualMachine.State.CreateSnapshot	VM snapshot management
VirtualMachine.State.RemoveSnapshot	VM snapshot management
VirtualMachine.State.RenameSnapshot	VM snapshot management
VirtualMachine.State.RevertToSnapshot	VM snapshot management

0 Comments