This section describes the privileges required for operations with ESXi virtual machines and, additionally, for virtual appliance deployment. Agent for VMware (Virtual Appliance) is available in on-premise deployment only.
To perform operations on all hosts and clusters managed by a vCenter Server, Agent for VMware needs the privileges listed in the table below on the vCenter Server. If you want the agent to operate on a specific ESXi host only, provide the agent with the same privileges on that host.
Specify the account with the necessary privileges during Agent for VMware installation or configuration. If you need to change the account at a later time, refer to the "Changing the vSphere access credentials" section.
| | | Operation | | | | |
|---|---|---|---|---|---|---|
| Object | Privilege | Back up a VM | Recover to a new VM | Recover to an existing VM | Run VM from backup | VA deployment |
| Cryptographic operations (starting with vSphere 6.5) | Add disk | +* | | | | |
| | Direct Access | +* | | | | |
| Datastore | Allocate space | | + | + | + | + |
| | Browse datastore | | | | + | + |
| | Configure datastore | + | + | + | + | + |
| | Low level file operations | | | | + | + |
| Global | Licenses | + | + | + | + | |
| | Disable methods | + | + | + | | |
| | Enable methods | + | + | + | | |
| Host > Configuration | VM autostart configuration | | | | | + |
| | Storage partition configuration | | | | + | |
| Host > Inventory | Modify cluster | | | | | + |
| Host > Local operations | Create VM | | | | + | + |
| | Delete VM | | | | + | + |
| | Reconfigure VM | | | | + | + |
| Network | Assign network | | + | + | + | + |
| Resource | Assign VM to resource pool | | + | + | + | + |
| vApp | Add virtual machine | | | | + | |
| | Import | | | | | + |
| Virtual machine > Configuration | Add existing disk | + | + | | + | |
| | Add new disk | | + | + | + | + |
| | Add or remove device | | + | | + | + |
| | Advanced | + | + | + | | + |
| | Change CPU count | | + | | | |
| | Disk change tracking | + | | + | | |
| | Disk lease | + | | + | | |
| | Memory | | + | | | |
| | Remove disk | + | + | + | + | |
| | Rename | | + | | | |
| | Set annotation | | | | + | |
| | Settings | | + | + | + | |
| Virtual machine > Guest Operations | Guest Operation Program Execution | +** | | | | + |
| | Guest Operation Queries | +** | | | | + |
| | Guest Operation Modifications | +** | | | | |
| Virtual machine > Interaction | Acquire guest control ticket (in vSphere 4.1 and 5.0) | | | | + | + |
| | Configure CD media | | + | + | | |
| | Console interaction | | | | | + |
| | Guest operating system management by VIX API (in vSphere 5.1 and later) | | | | + | + |
| | Power off | | | + | + | + |
| | Power on | | + | + | + | + |
| Virtual machine > Inventory | Create from existing | | + | + | + | |
| | Create new | | + | + | + | + |
| | Move | | | | | + |
| | Register | | | | + | |
| | Remove | | + | + | + | + |
| | Unregister | | | | + | |
| Virtual machine > Provisioning | Allow disk access | | + | + | + | |
| | Allow read-only disk access | + | | + | | |
| | Allow virtual machine download | + | + | + | + | |
| Virtual machine > State | Create snapshot | + | | + | + | + |
| | Remove snapshot | + | | + | + | + |

\* This privilege is required for backing up encrypted machines only.

\*\* This privilege is required for application-aware backups only.