Purpose
The purpose of this document is to list the minimal permissions required for VMware host credentials (browse credentials) that are provided for operations in Protect.
Description
Required Roles
These permissions are set within vSphere.
At the vCenter level (if used):
A role is needed with at least *Global->Licenses checked at the root level (vCenter level) to be able to see the license.Otherwise one role that matches the ESX host level below at all levels.
At the ESX host level: (propagated to all sub levels)
Make sure the permissions listed are checked
*Datastore->Browse (Datastore.Browse)
*Global->Licenses (Global.Licenses)
*Resource->Assign Virtual machine to resource pool (Resource.AssignVMToPool)
*Virtual Machine->Interaction->Acquire guest control ticket (VirtualMachine.Interact.GuestControl)
*Virtual Machine->Interaction->Device Connection (VirtualMachine.Interact.DeviceConnection)
*Virtual Machine->Interaction->Power Off (VirtualMachine.Interact.PowerOff)
*Virtual Machine->Interaction->Power On (VirtualMachine.Interact.PowerOn)
*Virtual Machine->Provisioning->Allow disk access (VirtualMachine.Provisioning.DiskRandomAccess)
*Virtual Machine->Provisioning->Mark as template (VirtualMachine.Provisioning.MarkAsTemplate)
*Virtual Machine->Provisioning->Mark as virtual machine (VirtualMachine.Provisioning.MarkAsVM)
*Virtual Machine->State->Create snapshot (VirtualMachine.State.CreateSnapshot)
*Virtual Machine->State->Remove snapshot (VirtualMachine.State.RemoveSnapshot)
Additional Information
Some additional information worth noting:
-Protect needs to connect to the vCenter server to be abel to patch VM templates.
-VMware tools must be installed on VMs and VM templates.
-It is required to provide a local administrator account for the target system set in the machine group (to deploy to offline VMs).
Virtual Machine Template Patching Requirements & Informational Document
Patching process of a virtual infrastructure
Products
Shavlik Protect 9.x