Privileges Required to Invoke Operations
By default, all users who are members of the Windows Administrators group on the vCenter Server system have the same access rights as a user assigned to the Administrator role on all objects. When connecting directly to an ESX/ESXi host, the root and vpxuser user accounts have the same access rights as any user assigned the Administrator role on all objects.
All other users initially have no permissions on any objects, which means they cannot view these objects or perform operations on them. A user with Administrator privileges must assign permissions to these users to allow them to perform tasks.
Privileges Required for vCenter Server and ESX/ESXi Operations lists the privileges required to perform various operations. (For privileges identified as dynamic, see the vSphere API Reference.) Operations can be supported by vCenter Server, ESXi, or both, as shown in Privileges Required for vCenter Server and ESX/ESXi Operations.
Important The information does not include operations new in ESX/ESXi 4.1.
Privileges Required for vCenter Server and ESX/ESXi Operations 
Operation
Privilege
VS
ESX/ESXi
AcquireLocalTicket
System.Anonymous
X
X
AcquireMksTicket
VirtualMachine.Interact.ConsoleInteract
X
X
AddAuthorizationRole
Authorization.ModifyRoles
X
X
AddCustomFieldDef
Global.ManageCustomFields
X
 
AddHost_Task
Host.Inventory.AddHostToCluster
X
 
AddInternetScsiSendTargets
Host.Config.Storage
X
X
AddInternetScsiStaticTargets
Host.Config.Storage
X
X
AddPortGroup
Host.Config.Network
X
X
AddServiceConsoleVirtualNic
Host.Config.Network
X
X
AddStandaloneHost_Task
Host.Inventory.AddStandaloneHost
X
 
AddVirtualNic
Host.Config.Network
X
X
AddVirtualSwitch
Host.Config.Network
X
X
AnswerVM
VirtualMachine.Interact.AnswerQuestion
X
X
ApplyRecommendation
Resource.ApplyRecommendation
X
 
AssignUserToGroup
Host.Local.ManageUserGroups
X
X
AttachVmfsExtent
Host.Config.Storage
X
X
AutoStartPowerOff
Host.Config.AutoStart
X
X
AutoStartPowerOn
Host.Config.AutoStart
X
X
BrowseDiagnosticLog
Global.Diagnostics
X
X
CancelTask
Global.CancelTask
X
 
CancelWaitForUpdates
System.View
X
X
CheckCustomizationResources
System.View
X
 
CheckCustomizationSpec
VirtualMachine.Provisioning.Customize
X
 
CheckForUpdates
System.View
X
X
CheckIfMasterSnmpAgentRunning
Host.Config.Snmp
X
X
CheckLicenseFeature
Global.Licenses
X
X
CloneVM_Task
NONE.
Privileges are required on the virtual machine being cloned and depend on whether the virtual machine is a template. See CloneVM_Task in the vSphere API Reference for specific privileges.
You need the VirtualMachine.Inventory.Create privilege on the folder where the new virtual machine is located.
X
 
ComputeDiskPartitionInfo
Host.Config.Storage
X
X
ConfigureDatastorePrincipal
Host.Config.Maintenance
X
X
ConfigureLicenseSource
Global.Licenses
X
X
CreateAlarm
NONE.
Create privilege required on the entity associated with the alarm.
X
 
CreateCluster
Host.Inventory.CreateCluster
X
 
CreateCollectorForEvents
System.View
X
X
CreateCollectorForTasks
System.View
X
 
CreateCustomizationSpec
VirtualMachine.Provisioning.ModifyCustSpecs
X
 
CreateDatacenter
Datacenter.Create
X
X
CreateDiagnosticPartition
Host.Config.Storage
X
X
CreateFilter
System.View
X
X
CreateFolder
Folder.Create
X
X
CreateGroup
Host.Local.ManageUserGroups
X
X
CreateNasDatastore
Host.Config.Storage
X
X
CreatePerfInterval
Performance.ModifyIntervals
X
X
CreateResourcePool
Resource.CreatePool
X
X
CreateScheduledTask
NONE.
ScheduledTask.Create required on the entity associated with the scheduled task.
X
 
CreateSnapshot_Task
VirtualMachine.State.CreateSnapshot
X
X
CreateUser
Host.Local.ManageUserGroups
X
X
CreateVM_Task
VirtualMachine.Inventory.Create
Also, Resource.AssignVMToPool privilege required on the resource pool with which the virtual machine will be associated.
X
X
CreateVmfsDatastore
Host.Config.Storage
X
X
CurrentTime
System.View
X
X
CustomizationSpecItemToXml
System.View
X
 
CustomizeVM_Task
VirtualMachine.Provisioning.Customize
X
 
DeleteCustomizationSpec
VirtualMachine.Provisioning.ModifyCustSpecs
X
 
DeleteFile
Datastore.DeleteFile
X
X
DeselectVnic
Host.Config.Network
X
X
Destroy_Task
See Destroy_Task in the vSphere API Reference.
X
X
DestroyChildren
See DestroyChildren in the vSphere API Reference.
X
X
DestroyCollector
NONE
X
X
DestroyDatastore
Datastore.Delete
X
X
DestroyNetwork
Network.Delete
X
X
DestroyPropertyFilter
NONE
X
X
DisableFeature
Global.Licenses
X
X
DisableHyperThreading
Host.Config.HyperThreading
X
X
DisableMultipathPath
Host.Config.Storage
X
X
DisableRuleSet
Host.Config.NetService
X
X
DisconnectHost_Task
Host.Config.Connection
X
X
DoesCustomizationSpecExist
VirtualMachine.Provisioning.ReadCustSpecs
X
 
DuplicateCustomizationSpec
VirtualMachine.Provisioning.ModifyCustSpecs
X
 
EnableFeature
Global.Licenses
X
X
EnableHyperThreading
Host.Config.HyperThreading
X
X
EnableMultipathPath
Host.Config.Storage
X
X
EnableRuleset
Host.Config.NetService
X
X
EnterMaintenanceMode_Task
Host.Config.Maintenance
X
X
ExitMaintenanceMode_Task
Host.Config.Maintenance
X
X
ExtendVmfsDatastore
Host.Config.Storage
X
X
FindByDatastorePath
System.View
X
X
FindByDnsName
System.View
X
X
FindByInventoryPath
System.View
X
X
FindByIp
System.View
X
X
FindByUuid
System.View
X
X
FindChild
System.View
X
X
FormatVmfs
Host.Config.Storage
X
X
GenerateLogBundles_Task
Global.Diagnostics
X
X
GetAlarm
System.View
X
 
GetAlarmState
NONE
System.Read privilege is required on the entity associated with the alarm.
X
 
GetCustomizationSpec
VirtualMachine.Provisioning.ReadCustSpecs
X
 
JoinDomainTask
Host.Config.AuthenticationStore
 
X
LeaveCurrentDomain_Task
Host.Config.AuthenticationStore
 
X
Login
System.Anonymous
X
X
Logout
System.View
X
X
LogUserEvent
NONE
Global.LogEvent required on the entity associated with the event.
X
X
MarkAsTemplate
VirtualMachine.Provisioning.MarkAsTemplate
X
 
MarkAsVirtualMachine
VirtualMachine.Provisioning.MarkAsVM
Resource.AssignVMToPool required on the resource pool to associate with the virtual machine.
X
 
MergePermissions
Authorization.ReassignRolePermissions
X
X
MigrateVM_Task
See MigrateVM_Task in the vSphere API Reference.
X
 
MountToolsInstaller
VirtualMachine.Interact.ToolsInstall
X
X
MoveHostInto_Task
Host.Inventory.EditCluster
Host.Inventory.MoveHost required on the host being moved.
X
 
MoveInto_Task
Host.Inventory.EditCluster
Host.Inventory.MoveHost required on the host being moved.
X
X
MoveIntoFolder_Task
See MoveIntoFolder_Task in the vSphere API Reference.
X
X
MoveIntoResourcePool
See MoveIntoFolder_Task in the vSphere API Reference.
X
X
OverwriteCustomizationSpec
VirtualMachine.Provisioning.ModifyCustSpecs
X
 
PowerOffVM_Task
VirtualMachine.Interact.PowerOff
X
X
PowerOnVM_Task
VirtualMachine.Interact.PowerOn
X
X
QueryAvailableDisksForVmfs
Host.Config.Storage
X
X
QueryAvailablePartition
Host.Config.Storage
X
X
QueryAvailablePerfMetric
NONE
System.Read is required on the entity for which available performance metrics are queried.
X
X
QueryConfigOption
System.Read
X
X
QueryConfigOptionDescriptor
System.Read
X
X
QueryConfigTarget
System.Read
X
X
QueryConnectionInfo
Host.Inventory.AddStandaloneHost
X
X
QueryDescriptions
Global.Diagnostics
X
X
QueryEvents
System.View
X
X
QueryHostConnectionInfo
System.Read
X
X
QueryLicenseSourceAvailability
Global.Licenses
X
X
QueryLicenseUsage
Global.Licenses
X
X
QueryMemoryOverhead
System.Read
X
X
QueryNetworkHint
Host.Config.Network
X
X
QueryOptions
System.Read
X
X
QueryPartitionCreateDesc
Host.Config.Storage
X
X
QueryPartitionCreateOptions
Host.Config.Storage
X
X
QueryPerf
NONE
System.Read privilege is required on the entity whose performance statistics are being queried.
X
X
QueryPerfComposite
NONE
System.Read privilege is required on the entity whose performance statistics are being queried.
X
X
QueryPerfCounter
System.View
X
X
QueryPerfProviderSummary
NONE
System.Read privilege is required on the entity whose performance statistics are being queried.
X
X
QueryVmfsDatastoreCreateOptions
Host.Config.Storage
X
X
QueryVmfsDatastoreExtendOptions
Host.Config.Storage
X
X
QueryVMotionCompatibility
Resource.QueryVMotion
X
 
ReadNextEvents
NONE
X
X
ReadNextTasks
NONE
X
 
ReadPreviousEvents
NONE
X
X
ReadPreviousTasks
NONE
X
 
RebootGuest
VirtualMachine.Interact.Reset
X
X
RebootHost_Task
Host.Config.Maintenance
X
X
RecommendHostsForVm
System.Read
X
 
ReconfigureAlarm
Alarm.Edit
X
 
ReconfigureAutostart
Host.Config.AutoStart
X
X
ReconfigureCluster_Task
Host.Inventory.EditCluster
X
 
ReconfigureHostForDAS_Task
Host.Config.Connection
X
 
ReconfigureScheduledTask
ScheduledTask.Edit
X
 
ReconfigureServiceConsoleReservation
Host.Config.Memory
X
X
ReconfigVM_Task
dynamic
X
X
ReconnectHost_Task
Host.Config.Connection
X
 
RefreshDatastore
System.Read
X
X
RefreshFirewall
Host.Config.NetService
X
X
RefreshNetworkSystem
Host.Config.Network
X
X
RefreshServices
Host.Config.NetService
X
X
RefreshStorageSystem
Host.Config.Storage
X
X
RegisterVM_Task
VirtualMachine.Inventory.Create
Resource.AssignVMToPool privilege is required on the resource pool to which the virtual machine should be attached.
X
X
ReleaseLease
NONE.
X
X
Reload
System.Read
X
X
RelocateVM_Task
Resource.ColdMigrate
X
 
RemoveAlarm
Alarm.Delete
X
 
RemoveAllSnapshots_Task
VirtualMachine.State.RemoveSnapshot
X
X
RemoveAuthorizationRole
Authorization.ModifyRoles
X
X
RemoveCustomFieldDef
Global.ManageCustomFields
X
 
RemoveDatastore
Host.Config.Storage
X
X
RemoveEntityPermission
NONE
Authorization.ModifyPermissions privilege is required on the entity associated with the permission.
X
X
RemoveGroup
Host.Local.ManageUserGroups
X
X
RemoveInternetScsiSendTargets
Host.Config.Storage
X
X
RemoveInternetScsiStaticTargets
Host.Config.Storage
X
X
RemovePerfInterval
Performance.ModifyIntervals
X
X
RemovePortGroup
Host.Config.Network
X
X
RemoveScheduledTask
ScheduledTask.Delete
X
 
RemoveServiceConsoleVirtualNic
Host.Config.Network
X
X
RemoveSnapshot_Task
VirtualMachine.State.RemoveSnapshot
X
X
RemoveUser
Host.Local.ManageUserGroups
X
X
RemoveVirtualNic
Host.Config.Network
X
X
RemoveVirtualSwitch
Host.Config.Network
X
X
Rename_Task
See Rename_Task in the vSphere API Reference.
X
X
RenameCustomFieldDef
Global.ManageCustomFields
X
 
RenameCustomizationSpec
VirtualMachine.Provisioning.ModifyCustSpecs
X
 
RenameDatastore
Datacenter.RenameDatastore
X
X
RenameSnapshot
VirtualMachine.State.RenameSnapshot
X
All but ESX 2.x
RenewLease
NONE
X
X
RescanAllHba
Host.Config.Storage
X
X
RescanHba
Host.Config.Storage
X
X
RescanVmfs
Host.Config.Storage
X
X
ResetCollector
NONE
X
X
ResetEntityPermissions
NONE
Authorization.ModifyPermissions privilege is required on the entity associated with the permission and the entity’s parent.
X
X
ResetGuestInformation
VirtualMachine.Config.ResetGuestInfo
X
X
ResetVM_Task
VirtualMachine.Interact.Reset
X
X
RestartMasterSnmpAgent
Host.Config.Snmp
X
X
RestartService
Host.Config.NetService
X
X
RestartServiceConsoleVirtualNic
Host.Config.Network
X
X
RetrieveAllPermissions
System.View
X
X
RetrieveDiskPartitionInfo
Host.Config.Storage
X
X
RetrieveEntityPermissions
NONE
System.Read privilege is required on the entity whose performance statistics are being queried.
X
X
RetrieveEntityScheduledTask
System.View
X
 
RetrieveProperties
System.View
X
X
RetrieveRolePermissions
System.View
X
X
RetrieveServiceContent
System.Anonymous
X
X
RetrieveUserGroups
System.View
X
X
RevertToCurrentSnapshot_Task
VirtualMachine.State.RevertToSnapshot
X
On all but ESX 2.x
RevertToSnapshot_Task
VirtualMachine.State.RevertToSnapshot
RewindCollector
NONE
X
X
RunScheduledTask
ScheduledTask.Run
X
 
SearchDatastore_Task
Datastore.Browse
X
X
SearchDatastoreSubFolders_Task
Datastore.Browse
X
X
SelectActivePartition
Host.Config.Storage
X
X
SelectVnic
Host.Config.Network
X
X
SetCollectorPageSize
NONE
X
X
SetEntityPermissions
NONE
Authorization.ModifyPermissions required on entity associated with the permissions and its parent.
X
X
SetField
NONE
Global.SetCustomField required on the entity associated with the custom field.
X
X
SetLicenseEdition
Global.Licenses
X
X
SetLocale
System.View
X
X
SetMultipathLunPolicy
Host.Config.Storage
X
X
SetScreenResolution
VirtualMachine.Interact.ConsoleInteract
X
X
ShutdownGuest
VirtualMachine.Interact.PowerOff
X
X
ShutdownHost_Task
Host.Config.Maintenance
X
X
StandbyGuest
VirtualMachine.Interact.Suspend
X
X
StartService
Host.Config.NetService
X
X
StopMasterSnmpAgent
Host.Config.Snmp
X
X
StopServiceq
Host.Config.NetService
X
X
SuspendVM_Task
VirtualMachine.Interact.Suspend
X
X
TerminateSession
Sessions.TerminateSession
X
X
UnassignUserFromGroup
Host.Local.ManageUserGroups
X
X
UninstallService
Host.Config.NetService
X
X
UnmountToolsInstaller
VirtualMachine.Interact.ToolsInstall
X
X
UnregisterAndDestroy_Task
Folder.Delete
The privilege is also required on the parent managed entity.
X
X
UnregisterVM
VirtualMachine.Inventory.Delete
X
X
UpdateAuthorizationRole
Authorization.ModifyRoles
X
X
UpdateChildResourceConfiguration
See UpdateChildResourceConfiguration in the vSphere API Reference.
X
X
UpdateConfig
See UpdateConfig in the vSphere API Reference.
X
X
UpdateConsoleIpRouteConfig
Host.Config.Network
X
X
UpdateDefaultPolicy
Host.Config.Network
X
X
UpdateDiskPartitions
Host.Config.Storage
X
X
UpdateDnsConfig
Host.Config.Network
X
X
UpdateInternetScsiAlias
Host.Config.Storage
X
X
UpdateInternetScsiAuthenticationProperties
Host.Config.Storage
X
X
UpdateInternetScsiDiscoveryProperties
Host.Config.Storage
X
X
UpdateInternetScsiIPProperties
Host.Config.Storage
X
X
UpdateInternetScsiName
Host.Config.Storage
X
X
UpdateIpConfig
Host.Config.Network
X
X
UpdateIpRouteConfig
Host.Config.Network
X
X
UpdateNetworkConfig
Host.Config.Network
X
X
UpdateOptions
See UpdateOptions in the vSphere API Reference.
X
 
UpdatePerfInterval
Performance.ModifyIntervals
X
X
UpdatePhysicalNicLinkSpeed
Host.Config.Network
X
X
UpdatePortGroup
Host.Config.Network
X
X
UpdateServiceConsoleVirtualNic
Host.Config.Network
X
X
UpdateServiceMessage
Sessions.GlobalMessage
X
X
UpdateServicePolicy
Host.Config.NetService
X
X
UpdateSnmpConfig
Host.Config.Snmp
X
X
UpdateSoftwareInternetScsiEnabled
Host.Config.Storage
X
X
UpdateSystemResources
Host.Config.Resources
X
X
UpdateUser
Host.Local.ManageUserGroups
X
X
UpdateVirtualNic
Host.Config.Network
X
X
UpdateVirtualSwitch
Host.Config.Network
X
X
UpgradeTools_Task
VirtualMachine.Interact.ToolsInstall
X
X
UpgradeVM_Task
VirtualMachine.Config.UpgradeVirtualHardware
X
X
UpgradeVmfs
Host.Config.Storage
X
X
UpgradeVmLayout
Host.Config.Storage
X
X
ValidateMigration
See ValidateMigration in the vSphere API Reference.
Resource.AssignVMToPool required on the target resource pool for the virtual machines.
X
 
WaitForUpdates
System.View
X
X
XmlToCustomizationSpecItem
System.View
X
 
Help us improve this information. Send feedback to [email protected].