You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To install an {product-title} cluster in a vCenter, the installation program requires access to an account with privileges to read and create the required resources. Using an account that has administrative privileges is the simplest way to access all of the necessary permissions.
29
-
30
-
A user requires the following privileges to install an {product-title} cluster:
31
-
32
-
* Datastore
33
-
** *Allocate space*
34
-
** *Browse datastore*
35
-
** *Low level file operations*
36
-
** *Remove file*
37
-
* Folder
38
-
** *Create folder*
39
-
** *Delete folder*
40
-
* vSphere Tagging
41
-
** All privileges
42
-
* Network
43
-
** *Assign network*
44
-
* Resource
45
-
** *Assign virtual machine to resource pool*
46
-
* Profile-driven storage
47
-
** All privileges
48
-
* vApp
49
-
** All privileges
50
-
* Virtual machine
51
-
** All privileges
28
+
To install an {product-title} cluster in a vCenter, the installation program requires access to an account with privileges to read and create the required resources. Using an account that has global administrative privileges is the simplest way to access all of the necessary permissions.
29
+
30
+
If you cannot use an account with global adminstrative privileges, you must create roles to grant the privileges necessary for {product-title} cluster installation. While most of the privileges are always required, some are required only if you plan for the installation program to provision a folder to contain the {product-title} cluster on your vCenter instance, which is the default behavior. You must create or amend vSphere roles for the specified objects to grant the required privileges.
31
+
32
+
An additional role is required if the installation program is to create a vSphere virtual machine folder.
33
+
34
+
.Roles and privileges required for installation
35
+
[%collapsible]
36
+
====
37
+
[cols="3a,3a,3a",options="header"]
38
+
|===
39
+
|vSphere object for role
40
+
|When required
41
+
|Required privileges
42
+
43
+
|vSphere vCenter
44
+
|Always
45
+
|
46
+
[%hardbreaks]
47
+
`Cns.Searchable`
48
+
`InventoryService.Tagging.AttachTag`
49
+
`InventoryService.Tagging.CreateCategory`
50
+
`InventoryService.Tagging.CreateTag`
51
+
`InventoryService.Tagging.DeleteCategory`
52
+
`InventoryService.Tagging.DeleteTag`
53
+
`InventoryService.Tagging.EditCategory`
54
+
`InventoryService.Tagging.EditTag`
55
+
`Sessions.ValidateSession`
56
+
`StorageProfile.View`
57
+
58
+
|vSphere vCenter Cluster
59
+
|Always
60
+
|
61
+
[%hardbreaks]
62
+
`Host.Config.Storage`
63
+
`Resource.AssignVMToPool`
64
+
`VApp.AssignResourcePool`
65
+
`VApp.Import`
66
+
`VirtualMachine.Config.AddNewDisk`
67
+
68
+
|vSphere Datastore
69
+
|Always
70
+
|
71
+
[%hardbreaks]
72
+
`Datastore.AllocateSpace`
73
+
`Datastore.Browse`
74
+
`Datastore.FileManagement`
75
+
76
+
|vSphere Port Group
77
+
|Always
78
+
|`Network.Assign`
79
+
80
+
|Virtual Machine Folder
81
+
|Always
82
+
|
83
+
[%hardbreaks]
84
+
`Resource.AssignVMToPool`
85
+
`VApp.Import`
86
+
`VirtualMachine.Config.AddExistingDisk`
87
+
`VirtualMachine.Config.AddNewDisk`
88
+
`VirtualMachine.Config.AddRemoveDevice`
89
+
`VirtualMachine.Config.AdvancedConfig`
90
+
`VirtualMachine.Config.Annotation`
91
+
`VirtualMachine.Config.CPUCount`
92
+
`VirtualMachine.Config.DiskExtend`
93
+
`VirtualMachine.Config.DiskLease`
94
+
`VirtualMachine.Config.EditDevice`
95
+
`VirtualMachine.Config.Memory`
96
+
`VirtualMachine.Config.RemoveDisk`
97
+
`VirtualMachine.Config.Rename`
98
+
`VirtualMachine.Config.ResetGuestInfo`
99
+
`VirtualMachine.Config.Resource`
100
+
`VirtualMachine.Config.Settings`
101
+
`VirtualMachine.Config.UpgradeVirtualHardware`
102
+
`VirtualMachine.Interact.GuestControl`
103
+
`VirtualMachine.Interact.PowerOff`
104
+
`VirtualMachine.Interact.PowerOn`
105
+
`VirtualMachine.Interact.Reset`
106
+
`VirtualMachine.Inventory.Create`
107
+
`VirtualMachine.Inventory.CreateFromExisting`
108
+
`VirtualMachine.Inventory.Delete`
109
+
`VirtualMachine.Provisioning.Clone`
110
+
111
+
|vSphere vCenter Datacenter
112
+
|If the installation program creates the virtual machine folder
113
+
|
114
+
[%hardbreaks]
115
+
`Resource.AssignVMToPool`
116
+
`VApp.Import`
117
+
`VirtualMachine.Config.AddExistingDisk`
118
+
`VirtualMachine.Config.AddNewDisk`
119
+
`VirtualMachine.Config.AddRemoveDevice`
120
+
`VirtualMachine.Config.AdvancedConfig`
121
+
`VirtualMachine.Config.Annotation`
122
+
`VirtualMachine.Config.CPUCount`
123
+
`VirtualMachine.Config.DiskExtend`
124
+
`VirtualMachine.Config.DiskLease`
125
+
`VirtualMachine.Config.EditDevice`
126
+
`VirtualMachine.Config.Memory`
127
+
`VirtualMachine.Config.RemoveDisk`
128
+
`VirtualMachine.Config.Rename`
129
+
`VirtualMachine.Config.ResetGuestInfo`
130
+
`VirtualMachine.Config.Resource`
131
+
`VirtualMachine.Config.Settings`
132
+
`VirtualMachine.Config.UpgradeVirtualHardware`
133
+
`VirtualMachine.Interact.GuestControl`
134
+
`VirtualMachine.Interact.PowerOff`
135
+
`VirtualMachine.Interact.PowerOn`
136
+
`VirtualMachine.Interact.Reset`
137
+
`VirtualMachine.Inventory.Create`
138
+
`VirtualMachine.Inventory.CreateFromExisting`
139
+
`VirtualMachine.Inventory.Delete`
140
+
`VirtualMachine.Provisioning.Clone`
141
+
`Folder.Create`
142
+
`Folder.Delete`
143
+
|===
144
+
====
145
+
146
+
147
+
Additionally, the user requires some `ReadOnly` permissions, and some of the roles require permission to propogate the permissions to child objects. These settings vary depending on whether or not you install the cluster into an existing folder.
148
+
149
+
.Required permissions and propagation settings
150
+
[%collapsible]
151
+
====
152
+
[cols="3a,3a,3a,3a",options="header"]
153
+
|===
154
+
|vSphere object
155
+
|Folder type
156
+
|Propagate to children
157
+
|Permissions required
158
+
159
+
|vSphere vCenter
160
+
|Always
161
+
|False
162
+
|Listed required privileges
163
+
164
+
.2+|vSphere vCenter Datacenter
165
+
|Existing folder
166
+
|False
167
+
|`ReadOnly` permission
168
+
169
+
|Installation program creates the folder
170
+
|True
171
+
|Listed required privileges
172
+
173
+
|vSphere vCenter Cluster
174
+
|Always
175
+
|True
176
+
|Listed required privileges
177
+
178
+
|vSphere vCenter Datastore
179
+
|Always
180
+
|False
181
+
|Listed required privileges
182
+
183
+
|vSphere Switch
184
+
|Always
185
+
|False
186
+
|`ReadOnly` permission
187
+
188
+
|vSphere Port Group
189
+
|Always
190
+
|False
191
+
|Listed required privileges
192
+
193
+
|vSphere vCenter Virtual Machine Folder
194
+
|Existing folder
195
+
|True
196
+
|Listed required privileges
197
+
|===
198
+
====
52
199
53
200
For more information about creating an account with only the required privileges, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5372F580-5C23-4E9C-8A4E-EF1B4DD9033E.html[vSphere Permissions and User Management Tasks] in the vSphere documentation.
0 commit comments