Required Permissions
The VMware vSphere user account that deploys host clusters requires access to the vSphere objects and permissions listed in the following tables. Review the vSphere objects and privileges required to ensure each role is assigned the required privileges.
Spectro Root Role Privileges
The spectro root role privileges are only applied to root objects and data center objects. Select the tab for the vSphere version you are using to view the required privileges for the spectro root role.
- 8.0.x
- 7.0.x
- 6.7U3

8.0.x

vSphere Object | Privilege |
---|---|
CNS | Searchable |
Datastore | Browse datastore |
Host | Configuration: Storage partition configuration |
vSphere Tagging | Create and edit vSphere tags |
Network | Assign network |
Sessions | Validate session |
VM Storage Policies | View VM storage policies |
Storage views | View |

7.0.x

vSphere Object | Privileges |
---|---|
CNS | Searchable |
Datastore | Browse datastore |
Host | Configuration: Storage partition configuration |
vSphere tagging | Create vSphere Tag, Edit vSphere Tag |
Network | Assign network |
Profile-driven storage | View |
Sessions | Validate session |
Storage views | View |

6.7U3

vSphere Object | Privileges |
---|---|
CNS | Searchable |
Datastore | Browse datastore |
Host | Configuration: Storage partition configuration |
vSphere tagging | Create vSphere Tag, Edit vSphere Tag |
Network | Assign network |
Profile-driven storage | Profile-driven storage view |
Sessions | Validate session |
Storage views | View |

If the network is a Distributed Port Group under a vSphere Distributed Switch (VDS), ReadOnly access to the VDS without “Propagate to children” is required.
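The following is an added example, not part of the Palette documentation: it audits a role's exported privilege IDs against the 8.0.x spectro root role table, reporting both missing privileges and over-grants, which matter here because this role is applied at root and data center objects. The mapping from the table's display names to vSphere privilege IDs and the sample export are assumptions made for the example.

```python
# Added example: audit an exported vSphere role against the 8.0.x
# spectro root role table. The name-to-ID mapping is an assumption.
REQUIRED_ROOT_8 = {
    "CNS: Searchable": "Cns.Searchable",
    "Datastore: Browse datastore": "Datastore.Browse",
    "Host: Storage partition configuration": "Host.Config.Storage",
    "vSphere Tagging: Create tag": "InventoryService.Tagging.CreateTag",
    "vSphere Tagging: Edit tag": "InventoryService.Tagging.EditTag",
    "Network: Assign network": "Network.Assign",
    "Sessions: Validate session": "Sessions.ValidateSession",
    "VM Storage Policies: View": "StorageProfile.View",
    "Storage views: View": "StorageViews.View",
}

# vCenter includes these in every role, so they are not over-grants.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}

def parse_export(text):
    """Return the set of privilege IDs in text; '#' starts a comment."""
    ids = set()
    for line in text.splitlines():
        ids.update(line.split("#", 1)[0].split())
    return ids

def audit_role(granted):
    """Compare granted privilege IDs with the table in both directions."""
    required = set(REQUIRED_ROOT_8.values())
    missing = sorted(n for n, p in REQUIRED_ROOT_8.items() if p not in granted)
    excess = sorted(granted - required - IMPLICIT)
    return {"missing": missing, "excess": excess,
            "compliant": not missing and not excess}

# Constructed sample export: lacks Cns.Searchable and carries one VM
# privilege that the root role table does not list.
SAMPLE_EXPORT = """
System.Anonymous System.Read System.View
Datastore.Browse Host.Config.Storage Network.Assign
InventoryService.Tagging.CreateTag InventoryService.Tagging.EditTag
Sessions.ValidateSession StorageProfile.View StorageViews.View
VirtualMachine.Interact.PowerOff  # constructed over-grant
"""

if __name__ == "__main__":
    print(audit_role(parse_export(SAMPLE_EXPORT)))
```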
Spectro Role Privileges
As listed in the table, apply spectro role privileges to vSphere objects you intend to use for Palette installation. A separate table lists Spectro role privileges for VMs by category.
Open Virtual Appliance (OVA) files are downloaded to the folder you selected. These images are cloned from the folder and applied to the VMs that are deployed during deployments.
Select the tab for the vSphere version you are using to view the required privileges for the spectro role.
- 8.0.x
- 7.0.x
- 6.7U3

8.0.x

vSphere Object | Privileges |
---|---|
CNS | Searchable |
Datastore | Allocate space, Browse datastore, Low-level file operations, Remove file, Update VM files, Update VM metadata |
Folder | Create Folder, Delete folder, Move folder, Rename folder |
Host | Local operations: Reconfigure VM |
Network | Assign network |
Resource | Apply recommendation, Assign VM to resource pool, Migrate powered off VM, Migrate powered on VM, Query vMotion |
Sessions | Validate sessions |
Storage policies | View access for VM storage policies is required. Ensure StorageProfile.View is available. |
spectro-templates | Read only. This is the vSphere folder created during the install. For airgap installs, you must manually create this folder. |
Storage views | View |
Tasks | Create task, Update task |
vApp | Import, View OVF environment, Configure vApp application, Configure vApp instance |
vSphere tagging | Assign or Unassign vSphere Tag, Create vSphere Tag, Delete vSphere Tag, Edit vSphere Tag |
The following table lists spectro role privileges for VMs by category. All privileges are for the vSphere object, Virtual Machines.
Category | Privileges |
---|---|
Change Configuration | Acquire disk lease, Add existing disk, Add new disk, Add or remove device, Advanced configuration, Change CPU count, Change memory, Change settings, Change swapfile placement, Change resource, Change host USB device, Configure raw device, Configure managedBy, Display connection settings, Extend virtual disk, Modify device settings, Query fault tolerance compatibility, Query unowned files, Reload from path, Remove disk, Rename, Reset guest information, Set annotation, Toggle disk change tracking, Toggle fork parent, Upgrade VM compatibility |
Edit Inventory | Create from existing, Create new, Move, Register, Remove, Unregister |
Guest Operations | Alias modification, Alias query, Modify guest operations, Invoke programs, Queries |
Interaction | Console Interaction, Power on/off |
Provisioning | Allow disk access, Allow file access, Allow read-only disk access, Allow VM download, Allow VM files upload, Clone template, Clone VM, Create template from VM, Customize guest, Deploy template, Mark as template, Mark as VM, Modify customization specification, Promote disks, Read customization specifications |
Service Configuration | Allow notifications, Allow polling of global event notifications, Manage service configurations, Modify service configurations, Query service configurations, Read service configurations |
Snapshot Management | Create snapshot, Remove snapshot, Rename snapshot, Revert to snapshot |
vSphere Replication | Configure replication, Manage replication, Monitor replication |
vSAN | Cluster: ShallowRekey |

7.0.x

vSphere Object | Privileges |
---|---|
CNS | Searchable |
Datastore | Allocate space, Browse datastore, Low-level file operations, Remove file, Update VM files, Update VM metadata |
Folder | Create Folder, Delete folder, Move folder, Rename folder |
Host | Local operations: Reconfigure VM |
Network | Assign network |
Resource | Apply recommendation, Assign VM to resource pool, Migrate powered off VM, Migrate powered on VM, Query vMotion |
Profile-driven storage | Profile-driven storage view |
Sessions | Validate session |
spectro-templates | Read only. This is the vSphere folder created during the install. For airgap installs, you must manually create this folder. |
Storage views | Configure service, View |
Tasks | Create task, Update task |
vApp | Import, View OVF environment, Configure vApp applications, Configure vApp instances |
vSphere tagging | Assign or unassign vSphere Tag, Create vSphere Tag, Delete vSphere Tag, Edit vSphere Tag |
The following table lists spectro role privileges for VMs by category. All privileges are for the vSphere object, Virtual Machines.
Category | Privileges |
---|---|
Change Configuration | Acquire disk lease, Add existing disk, Add new disk, Add or remove device, Advanced configuration, Change CPU count, Change memory, Change Settings, Change Swapfile placement, Change resource, Change host USB device, Configure Raw device, Configure managedBy, Display connection settings, Extend virtual disk, Modify device settings, Query fault tolerance compatibility, Query unowned files, Reload from path, Remove disk, Rename, Reset guest information, Set annotation, Toggle disk change tracking, Toggle fork parent, Upgrade VM compatibility |
Edit Inventory | Create from existing, Create new, Move, Register, Remove, Unregister |
Guest Operations | Alias modification, Alias query, Modify guest operations, Invoke programs, Query guest operations |
Interaction | Console Interaction, Power on/off |
Provisioning | Allow disk access, Allow file access, Allow read-only disk access, Allow VM download, Allow VM upload, Clone template, Clone VM, Create template from VM, Customize guest, Deploy template, Mark as template, Modify customization specifications, Promote disks, Read customization specifications |
Service Configuration | Allow notifications, Allow polling of global event notifications, Manage service configurations, Modify service configurations, Query service configurations, Read service configurations |
Snapshot Management | Create snapshot, Remove snapshot, Rename snapshot, Revert to snapshot |
vSphere Replication | Configure replication, Manage replication, Monitor replication |
vSAN | Cluster: ShallowRekey |

6.7U3

vSphere Object | Privileges |
---|---|
CNS | Searchable |
Datastore | Allocate space, Browse datastore, Low-level file operations, Remove file, Update VM files, Update VM metadata |
Folder | Create Folder, Delete folder, Move folder, Rename folder |
Host | Local operations: Reconfigure VM |
Network | Assign network |
Profile-driven storage | Profile-driven storage view |
Resource | Apply recommendation, Assign VM to resource pool, Migrate powered off VM, Migrate powered on VM, Query vMotion |
Sessions | Validate session |
spectro-templates | Read only. This is the vSphere folder created during the install. For airgap installs, you must manually create this folder. |
Storage views | View |
Tasks | Create task, Update task |
vApp | Import, View OVF environment, Configure vApp applications, Configure vApp instances |
vSphere tagging | Assign or unassign vSphere Tag, Create vSphere Tag, Delete vSphere Tag, Edit vSphere Tag |
The following table lists spectro role privileges for VMs by category. All privileges are for the vSphere object, Virtual Machines.
Category | Privileges |
---|---|
Change Configuration | Acquire disk lease, Add existing disk, Add new disk, Add or remove device, Advanced configuration, Change CPU count, Change memory, Change Settings, Change Swapfile placement, Change resource, Change host USB device, Configure Raw device, Configure managedBy, Display connection settings, Extend virtual disk, Modify device settings, Query fault tolerance compatibility, Query unowned files, Reload from path, Remove disk, Rename, Reset guest information, Set annotation, Toggle disk change tracking, Toggle fork parent, Upgrade VM compatibility |
Edit Inventory | Create from existing, Create new, Move, Register, Remove, Unregister |
Guest Operations | Alias modification, Alias query, Modify guest operations, Invoke programs, Query guest operations |
Interaction | Console Interaction, Power on/off |
Provisioning | Allow disk access, Allow file access, Allow read-only disk access, Allow VM download, Allow VM upload, Clone template, Clone VM, Create template from VM, Customize guest, Deploy template, Mark as template, Modify customization specifications, Promote disks, Read customization specifications |
Service Configuration | Allow notifications, Allow polling of global event notifications, Manage service configurations, Modify service configurations, Query service configurations, Read service configurations |
Snapshot Management | Create snapshot, Remove snapshot, Rename snapshot, Revert to snapshot |
vSphere Replication | Configure replication, Manage replication, Monitor replication |
vSAN | Cluster: ShallowRekey |