User Privileges on vSphere
The following table provides the minimal set of privileges that are required by the vSphere user to execute the relevant operations in vCenter.
Roles | Privileges | Entities | Propagate to Children |
---|---|---|---|
manage-k8s-node-vms | Resource.AssignVMToPool, System.Anonymous, System.Read, System.View, VirtualMachine.Config.AddExistingDisk, VirtualMachine.Config.AddNewDisk, VirtualMachine.Config.AddRemoveDevice, VirtualMachine.Config.RemoveDisk, VirtualMachine.Inventory.Create, VirtualMachine.Inventory.Delete | Cluster, Hosts, VM Folder | Yes |
manage-k8s-volumes | Datastore.AllocateSpace, Datastore.FileManagement, System.Anonymous, System.Read, System.View | Datastore | No |
k8s-system-read-and-spbmprofile-view | StorageProfile.View, System.Anonymous, System.Read, System.View | vCenter | No |
ReadOnly | System.Anonymous, System.Read, System.View | Datacenter, Datastore Cluster, Datastore Storage Folder | Yes |
ccp-register-extension | Extension.Register, Extension.Unregister, Extension.Update | vCenter | No |
For more information on adding a provider profile, see Adding Provider Profile.
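
To keep these roles at the minimal set, the table can be used as a baseline for a drift check. The following is an added example, not part of the product documentation: it compares exported role definitions and permission assignments with the table and reports missing privileges, excess privileges, and a "Propagate to Children" flag that differs. The input shapes, the `audit` function and the sample values (including the extra `Datastore.Delete` privilege and the entity names) are assumptions constructed for illustration.

```python
SYSTEM = "System.Anonymous System.Read System.View"

# role -> (privilege IDs, propagate to children), copied from the table above
EXPECTED = {
    "manage-k8s-node-vms": (
        "Resource.AssignVMToPool VirtualMachine.Config.AddExistingDisk "
        "VirtualMachine.Config.AddNewDisk VirtualMachine.Config.AddRemoveDevice "
        "VirtualMachine.Config.RemoveDisk VirtualMachine.Inventory.Create "
        "VirtualMachine.Inventory.Delete " + SYSTEM, True),
    "manage-k8s-volumes": (
        "Datastore.AllocateSpace Datastore.FileManagement " + SYSTEM, False),
    "k8s-system-read-and-spbmprofile-view": ("StorageProfile.View " + SYSTEM, False),
    "ReadOnly": (SYSTEM, True),
    "ccp-register-extension": (
        "Extension.Register Extension.Unregister Extension.Update", False),
}

def audit(roles, permissions):
    """Return (role, issue, detail) findings for drift from the table.

    roles: {role name: list of privilege IDs}
    permissions: [{"role", "entity", "propagate"}] assignments
    Both input shapes are assumptions of this example, not a vCenter format."""
    findings = []
    for name, (privs, _) in EXPECTED.items():
        if name not in roles:
            findings.append((name, "role-missing", ""))
            continue
        want, have = set(privs.split()), set(roles[name])
        findings += [(name, "missing", p) for p in sorted(want - have)]
        findings += [(name, "excess", p) for p in sorted(have - want)]
    for perm in permissions:
        expected = EXPECTED.get(perm["role"])
        if expected and perm["propagate"] != expected[1]:
            findings.append((perm["role"], "propagate", perm["entity"]))
    return findings

# Constructed sample export: one privilege dropped, one added, one wrong flag
SAMPLE_ROLES = {name: privs.split() for name, (privs, _) in EXPECTED.items()}
SAMPLE_ROLES["manage-k8s-node-vms"].remove("VirtualMachine.Config.RemoveDisk")
SAMPLE_ROLES["manage-k8s-volumes"].append("Datastore.Delete")
SAMPLE_PERMS = [
    {"role": "manage-k8s-volumes", "entity": "datastore-01", "propagate": True},
    {"role": "ReadOnly", "entity": "datacenter-01", "propagate": True},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROLES, SAMPLE_PERMS):
        print(*finding)
```

An "excess" or "propagate" finding means the vSphere user holds more access than the table requires; a "missing" finding means an operation in vCenter is likely to fail.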