User Privileges on vSphere
The following table provides the minimal set of privileges that are required by the vSphere user to execute the relevant operations in vCenter.

Roles | Privileges | Entities | Propagate to Children |
---|---|---|---|
manage-k8s-node-vms | Resource.AssignVMToPool, System.Anonymous, System.Read, System.View, VirtualMachine.Config.AddExistingDisk, VirtualMachine.Config.AddNewDisk, VirtualMachine.Config.AddRemoveDevice, VirtualMachine.Config.RemoveDisk, VirtualMachine.Inventory.Create, VirtualMachine.Inventory.Delete | Cluster, Hosts, VM folder | Yes |
manage-k8s-volumes | Datastore.AllocateSpace, Datastore.FileManagement, System.Anonymous, System.Read, System.View | Datastore | No |
k8s-system-read-and-spbmprofile-view | StorageProfile.View, System.Anonymous, System.Read, System.View | vCenter | No |
ReadOnly | System.Anonymous, System.Read, System.View | Datacenter, Datastore cluster, Datastore storage folder | Yes |
ccp-register-extension | Extension.Register, Extension.Unregister, Extension.Update | vCenter | No |
CCP_Admin | Extension.Register, Extension.Unregister, Extension.Update, Resource.AssignVMToPool, Network.Assign, StorageProfile.View, System.Anonymous, System.Read, System.View, VirtualMachine.Config.AddExistingDisk, VirtualMachine.Config.AddNewDisk, VirtualMachine.Config.AddRemoveDevice, VirtualMachine.Config.RemoveDisk, VirtualMachine.Config.CPUCount, VirtualMachine.Config.AdvancedConfig, VirtualMachine.Config.Resource, VirtualMachine.Config.ManagedBy, VirtualMachine.Config.DiskExtend, VirtualMachine.Config.Memory, VirtualMachine.Config.Settings, VirtualMachine.Config.RawDevice, VirtualMachine.Inventory.Create, VirtualMachine.Inventory.Remove, VirtualMachine.Provisioning.Clone, VirtualMachine.Provisioning.CreateTemplateFromVM, VirtualMachine.Provisioning.DeployTemplate, VApp.Import, VApp.PowerOn, VApp.PowerOff, VApp.Suspend, VApp.ResourceConfig, VApp.InstanceConfig, VApp.ApplicationConfig, VApp.ManagedByConfig | Cluster, Hosts, vCenter, Datastore, Datastore cluster | Yes |

For more information on adding a provider profile, see Adding vSphere Provider Profile.
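
A drift check built on the table above, as an added example that is not part of the original documentation: it compares permission assignments with the documented baseline for three of the roles and reports excess or missing privileges, unexpected entity types and propagation mismatches. The input record format and the sample data are constructed for illustration and are not a vCenter export schema.

```python
SYSTEM = {"System.Anonymous", "System.Read", "System.View"}

# Baseline copied from the table above: role -> (privileges, entities, propagate).
BASELINE = {
    "manage-k8s-node-vms": (SYSTEM | {
        "Resource.AssignVMToPool",
        "VirtualMachine.Config.AddExistingDisk", "VirtualMachine.Config.AddNewDisk",
        "VirtualMachine.Config.AddRemoveDevice", "VirtualMachine.Config.RemoveDisk",
        "VirtualMachine.Inventory.Create", "VirtualMachine.Inventory.Delete",
    }, {"Cluster", "Hosts", "VM folder"}, True),
    "manage-k8s-volumes": (SYSTEM | {
        "Datastore.AllocateSpace", "Datastore.FileManagement",
    }, {"Datastore"}, False),
    "k8s-system-read-and-spbmprofile-view": (
        SYSTEM | {"StorageProfile.View"}, {"vCenter"}, False),
}

def audit(assignments):
    """Compare permission assignments with BASELINE; findings keep input order."""
    findings = []
    for a in assignments:
        role = a["role"]
        if role not in BASELINE:
            findings.append((role, "no-baseline", a["entity_type"]))
            continue
        privs, entities, propagate = BASELINE[role]
        granted = set(a["privileges"])
        for p in sorted(granted - privs):   # more than the documented minimum
            findings.append((role, "excess-privilege", p))
        for p in sorted(privs - granted):   # operations in the table would fail
            findings.append((role, "missing-privilege", p))
        if a["entity_type"] not in entities:
            findings.append((role, "unexpected-entity", a["entity_type"]))
        if a["propagate"] != propagate:     # True where the table says No widens scope
            findings.append((role, "propagate-mismatch", str(a["propagate"])))
    return findings

# Constructed sample input (hypothetical record format, labelled as such).
SAMPLE = [
    {"role": "manage-k8s-volumes", "entity_type": "Datastore", "propagate": False,
     "privileges": sorted(BASELINE["manage-k8s-volumes"][0])},
    {"role": "manage-k8s-volumes", "entity_type": "Datacenter", "propagate": True,
     "privileges": sorted(BASELINE["manage-k8s-volumes"][0] | {"Network.Assign"})},
    {"role": "k8s-system-read-and-spbmprofile-view", "entity_type": "vCenter",
     "propagate": False, "privileges": sorted(SYSTEM)},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```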