We recommend creating a dedicated user account for the Secure Workload installer and assigning it only the minimum permissions required for installation.
The following permissions are commonly assigned for Secure Workload installation:
VMware vSphere Objects and Permissions

Table 1. Objects and Permissions

| vSphere Objects | Permissions |
| --- | --- |
| Content Library | Add or delete library item |
| Datastore | Allocate space, Browse datastore, Configure datastore, Low level file operations, Move datastore, Remove datastore, Remove file, Rename datastore, Update virtual machine files, Update virtual machine metadata |
| Folder | Create folder, Delete folder, Move folder, Rename folder |
| vSphere Tagging | Assign or Unassign vSphere Tag on Object |
| Network | Assign network, Configure, Move network, Remove |
| Resource | Apply recommendation, Assign vApp to resource pool, Assign virtual machine to resource pool, Create resource pool, Migrate powered off virtual machine, Migrate powered on virtual machine, Modify resource pool, Move resource pool, Query vMotion, Remove resource pool, Rename resource pool |
| Scheduled task | Create tasks, Modify task, Remove task, Run task |
| Profile-driven storage | |
| Tasks | |
| vApp | Import |
| Virtual machine | Change Configuration: Acquire disk lease, Add existing disk, Add new disk, Add or remove device, Advanced configuration, Change CPU count, Change Memory, Change Settings, Change Swapfile placement, Change resource, Configure Host USB device, Configure Raw device, Configure managedBy, Display connection settings, Extend virtual disk, Modify device settings, Query Fault Tolerance compatibility, Query unowned files, Reload from path, Remove disk, Rename, Reset guest information, Set annotation, Toggle disk change tracking, Toggle fork parent, Upgrade virtual machine compatibility |
| | Edit Inventory: Create from existing, Create new, Move, Register, Remove, Unregister |
| | Interaction: Answer question, Backup operation on virtual machine, Configure CD media, Configure floppy media, Connect devices, Console interaction, Create screenshot, Defragment all disks, Drag and drop, Guest operating system management by VIX API, Inject USB HID scan codes, Install VMware Tools, Pause or Unpause, Perform wipe or shrink operations, Power off, Power on, Record session on virtual machine, Replay session on virtual machine, Reset, Resume Fault Tolerance, Suspend, Suspend Fault Tolerance, Test failover, Test restart Secondary VM, Turn off Fault Tolerance, Turn on Fault Tolerance |
| | Provisioning: Allow disk access, Allow file access, Allow read-only disk access, Allow virtual machine download, Allow virtual machine files upload, Clone template, Clone virtual machine, Create template from virtual machine, Customize guest, Deploy template, Mark as template, Mark as virtual machine, Modify customization specification, Promote disks, Read customization specifications |
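The following added example (not part of the original documentation or of Secure Workload) is a coarse, group-level check that a role created for the installer account holds nothing outside the object groups in Table 1. The mapping from the table's object names to vSphere privilege-ID prefixes, the function name `audit_role`, and the sample role are assumptions of this example; confirm the prefixes against your vCenter version.

```python
# Added example: group-level least-privilege check for the installer role.
# Prefix mapping (table object -> privilege-ID namespace) is an assumption.
ALLOWED_PREFIXES = {
    "Content Library": ("ContentLibrary.",),
    "Datastore": ("Datastore.",),
    "Folder": ("Folder.",),
    "vSphere Tagging": ("InventoryService.Tagging.",),
    "Network": ("Network.",),
    "Resource": ("Resource.",),
    "Scheduled task": ("ScheduledTask.",),
    "Profile-driven storage": ("StorageProfile.",),
    "Tasks": ("Task.",),
    "vApp": ("VApp.Import",),  # the table lists only Import for vApp
    "Virtual machine": (
        "VirtualMachine.Config.", "VirtualMachine.Inventory.",
        "VirtualMachine.Interact.", "VirtualMachine.Provisioning.",
    ),
}
# Privileges that vCenter includes in every role.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}

def audit_role(privilege_ids):
    """Return (out_of_scope, unused_groups) for a role's privilege IDs."""
    out_of_scope, used = [], set()
    for priv in sorted(set(privilege_ids) - IMPLICIT):
        group = next((g for g, prefixes in ALLOWED_PREFIXES.items()
                      if priv.startswith(prefixes)), None)
        if group is None:
            out_of_scope.append(priv)   # not covered by any table group
        else:
            used.add(group)
    unused = [g for g in ALLOWED_PREFIXES if g not in used]
    return out_of_scope, unused

# Constructed sample: privilege IDs of a role under review.
SAMPLE_ROLE = [
    "System.Anonymous", "System.Read", "System.View",
    "Datastore.AllocateSpace", "Datastore.Browse", "Folder.Create",
    "Network.Assign", "Resource.AssignVMToPool", "VApp.Import",
    "VirtualMachine.Config.AddNewDisk", "VirtualMachine.Inventory.Create",
    "VirtualMachine.Interact.PowerOn", "VirtualMachine.Provisioning.DeployTemplate",
    "VirtualMachine.State.CreateSnapshot",  # snapshot group: not in the table
    "Authorization.ModifyPermissions",      # permission management: not in the table
    "Host.Config.Maintenance",              # host configuration: not in the table
]

if __name__ == "__main__":
    extra, unused = audit_role(SAMPLE_ROLE)
    print("Outside the documented groups:", extra)
    print("Documented groups with no privilege granted:", unused)
```

The input is the role's list of privilege IDs as exported from vCenter; an empty first result means the role stays within the documented groups, while the second result lists groups where the role may still be missing permissions the installer needs.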