vSphere account permissions

A vSphere user with administrative privileges will be sufficient for use with Migration Manager. For those users who want to more narrowly define a role with a service account, the detailed permissions for this account are provided for your reference in the following table.

Table 1. Low-level vSphere permissions for account used by Migration Manager

Privilege Level

Permission

Cryptographic operations

  • Direct Access

Datastore

  • Low-level file operations

Datastore Cluster

  • Configure a datastore cluster

Global

  • Disable methods
  • Enable methods
  • Licenses
  • Log event
  • Manage custom attributes
  • Set custom attribute

Host

Configuration

  • Network configuration

Network

  • Configure

Virtual Machine

Change Configuration

  • Acquire configuration
  • Toggle disk change tracking
  • Acquire disk lease
  • Modify device settings
  • Set Annotation
 

Guest Operations

  • Guest operation modifications
  • Guest operation program execution
  • Guest operation queries
 

Interaction

  • Guest operating system management by VIX API
  • Power On
  • Power Off
 

Provisioning

  • Allow read-only disk access
  • Allow virtual machine download
 

Snapshot Management

  • Create snapshot
  • Remove snapshot