Merge pull request #52846 from xenolinux/vcenterui-permissions

stevsmit · web-flow · commit 71cb4c86d863 · 2022-11-18T09:12:39.000-05:00
git51366: Add vCenter UI permissions
diff --git a/modules/installation-vsphere-installer-infra-requirements.adoc b/modules/installation-vsphere-installer-infra-requirements.adoc
@@ -31,14 +31,14 @@ If you cannot use an account with global administrative privileges, you must cre
 
 An additional role is required if the installation program is to create a vSphere virtual machine folder.
 
-.Roles and privileges required for installation
+.Roles and privileges required for installation in vSphere API
 [%collapsible]
 ====
 [cols="3a,3a,3a",options="header"]
 |===
 |vSphere object for role
 |When required
-|Required privileges
+|Required privileges in vSphere API
 
 |vSphere vCenter
 |Always
@@ -161,6 +161,136 @@ An additional role is required if the installation program is to create a vSpher
 |===
 ====
 
+.Roles and privileges required for installation in vCenter graphical user interface (GUI)
+[%collapsible]
+====
+[cols="3a,3a,3a",options="header"]
+|===
+|vSphere object for role
+|When required
+|Required privileges in vCenter GUI
+
+|vSphere vCenter
+|Always
+|
+[%hardbreaks]
+`Cns.Searchable`
+`"vSphere Tagging"."Assign or Unassign vSphere Tag"`
+`"vSphere Tagging"."Create vSphere Tag Category"`
+`"vSphere Tagging"."Create vSphere Tag"`
+`vSphere Tagging"."Delete vSphere Tag Category"`
+`"vSphere Tagging"."Delete vSphere Tag"`
+`"vSphere Tagging"."Edit vSphere Tag Category"`
+`"vSphere Tagging"."Edit vSphere Tag"`
+`Sessions."Validate session"`
+`"Profile-driven storage"."Profile-driven storage update"`
+`"Profile-driven storage"."Profile-driven storage view"`
+
+|vSphere vCenter Cluster
+|If VMs will be created in the cluster root
+|
+[%hardbreaks]
+`Host.Configuration."Storage partition configuration"`
+`Resource."Assign virtual machine to resource pool"`
+`VApp."Assign resource pool"`
+`VApp.Import`
+`"Virtual machine"."Change Configuration"."Add new disk"`
+
+|vSphere vCenter Resource Pool
+|If an existing resource pool is provided
+|
+[%hardbreaks]
+`Host.Configuration."Storage partition configuration"`
+`Resource."Assign virtual machine to resource pool"`
+`VApp."Assign resource pool"`
+`VApp.Import`
+`"Virtual machine"."Change Configuration"."Add new disk"`
+
+|vSphere Datastore
+|Always
+|
+[%hardbreaks]
+`Datastore."Allocate space"`
+`Datastore."Browse datastore"`
+`Datastore."Low level file operations"`
+`"vSphere Tagging"."Assign or Unassign vSphere Tag on Object"`
+
+|vSphere Port Group
+|Always
+|`Network."Assign network"`
+
+|Virtual Machine Folder
+|Always
+|
+[%hardbreaks]
+`"vSphere Tagging"."Assign or Unassign vSphere Tag on Object"`
+`Resource."Assign virtual machine to resource pool"`
+`VApp.Import`
+`"Virtual machine"."Change Configuration"."Add existing disk"`
+`"Virtual machine"."Change Configuration"."Add new disk"`
+`"Virtual machine"."Change Configuration"."Add or remove device"`
+`"Virtual machine"."Change Configuration"."Advanced configuration"`
+`"Virtual machine"."Change Configuration"."Set annotation"`
+`"Virtual machine"."Change Configuration"."Change CPU count"`
+`"Virtual machine"."Change Configuration"."Extend virtual disk"`
+`"Virtual machine"."Change Configuration"."Acquire disk lease"`
+`"Virtual machine"."Change Configuration"."Modify device settings"`
+`"Virtual machine"."Change Configuration"."Change Memory"`
+`"Virtual machine"."Change Configuration"."Remove disk"`
+`"Virtual machine"."Change Configuration".Rename`
+`"Virtual machine"."Change Configuration"."Reset guest information"`
+`"Virtual machine"."Change Configuration"."Change resource"`
+`"Virtual machine"."Change Configuration"."Change Settings"`
+`"Virtual machine"."Change Configuration"."Upgrade virtual machine compatibility"`
+`"Virtual machine".Interaction."Guest operating system management by VIX API"`
+`"Virtual machine".Interaction."Power off"`
+`"Virtual machine".Interaction."Power on"`
+`"Virtual machine".Interaction.Reset`
+`"Virtual machine"."Edit Inventory"."Create new"`
+`"Virtual machine"."Edit Inventory"."Create from existing"`
+`"Virtual machine"."Edit Inventory"."Remove"`
+`"Virtual machine".Provisioning."Clone virtual machine"`
+`"Virtual machine".Provisioning."Mark as template"`
+`"Virtual machine".Provisioning."Deploy template"`
+
+|vSphere vCenter Datacenter
+|If the installation program creates the virtual machine folder
+|
+[%hardbreaks]
+`"vSphere Tagging"."Assign or Unassign vSphere Tag on Object"`
+`Resource."Assign virtual machine to resource pool"`
+`VApp.Import`
+`"Virtual machine"."Change Configuration"."Add existing disk"`
+`"Virtual machine"."Change Configuration"."Add new disk"`
+`"Virtual machine"."Change Configuration"."Add or remove device"`
+`"Virtual machine"."Change Configuration"."Advanced configuration"`
+`"Virtual machine"."Change Configuration"."Set annotation"`
+`"Virtual machine"."Change Configuration"."Change CPU count"`
+`"Virtual machine"."Change Configuration"."Extend virtual disk"`
+`"Virtual machine"."Change Configuration"."Acquire disk lease"`
+`"Virtual machine"."Change Configuration"."Modify device settings"`
+`"Virtual machine"."Change Configuration"."Change Memory"`
+`"Virtual machine"."Change Configuration"."Remove disk"`
+`"Virtual machine"."Change Configuration".Rename`
+`"Virtual machine"."Change Configuration"."Reset guest information"`
+`"Virtual machine"."Change Configuration"."Change resource"`
+`"Virtual machine"."Change Configuration"."Change Settings"`
+`"Virtual machine"."Change Configuration"."Upgrade virtual machine compatibility"`
+`"Virtual machine".Interaction."Guest operating system management by VIX API"`
+`"Virtual machine".Interaction."Power off"`
+`"Virtual machine".Interaction."Power on"`
+`"Virtual machine".Interaction.Reset`
+`"Virtual machine"."Edit Inventory"."Create new"`
+`"Virtual machine"."Edit Inventory"."Create from existing"`
+`"Virtual machine"."Edit Inventory"."Remove"`
+`"Virtual machine".Provisioning."Clone virtual machine"`
+`"Virtual machine".Provisioning."Deploy template"`
+`"Virtual machine".Provisioning."Mark as template"`
+`Folder."Create folder"`
+`Folder."Delete folder"`
+|===
+====
+
 
 Additionally, the user requires some `ReadOnly` permissions, and some of the roles require permission to propogate the permissions to child objects. These settings vary depending on whether or not you install the cluster into an existing folder.
 
