VMware vCenter Privileges for HPE CloudPhysics Virtual Appliance

Roles and Privileges

Please note that the following are essential for establishing Privileges in VMware vCenter:
  • All privileges must be applied all at the GLOBAL level, not at the Host/Cluster Level.
  • After revising any of the vCenter Privileges, please restart the HPE CloudPhysics virtual appliances to ensure they reconnect with the new credentials and privileges.
  • All the permissions are related and if one is incorrect, we cannot correlate one object to another. (example: relationship of VM to Datastore to Host)
Note: vCenter 8.0 is currently not supported - Please contact HPE CloudPhysics Support for more details on when HPE CloudPhysics will support VMware vCenter 8.x

Note: Starting in VMware vCenter 7.0 U3 and in vSphere 8.x and beyond, VMware changed the access to vCenter via API and restricted access for the Active Directory Users. This change restricts access to VMware vCenter to vCenter local users only and privileges are not provided for Active Directory users by default. The result, Domain admin users will not have access to vCenter Configuration details required by HPE CloudPhysics.

“By default, the local administrators group on the vCenter Server is the only group that has access to the vCenter Server. If you try to log in as a user that is not a member of the administrators group (either directly or indirectly through another group), the log in fails because the user account has no permission to any object in the inventory.” VMware KB: https://kb.vmware.com/s/article/1003872

Resolution as detailed in KB above:
  1. To resolve this, Select the vCenter Top Level object in the left-hand object panel.
  2. Click on Permissions
  3. Click +
  4. Add Permission for User vsphere.local
  5. Search for your user
  6. Choose Administrator for Role
  7. Check Propagate to Children
  8. Click OK.

Credentials for vCenter

Global Privileges
vSphere 4-6.x
• Global Service Managers

vSphere 7.x
• Global Service Managers

Host CIM Privileges
vSphere 4-6.x
• Host CIM Interaction (Host.Cim.CimInteraction)

vSphere 7.x
• Host CIM.CIM Interaction

Host Configuration Privileges
vSphere 4-6.x
• Host Advanced Configuration (Host.Config.AdvancedConfig)
• Host Configuration Patch (Host.Config.Patch)

vSphere 7.x
• Host.Configuration.Advanced Settings
• Host.Configuration.Query patch
• Host.Configuration.Storage partition configuration

Datastore Privileges
vSphere 4-6.x
• Datastore Browse (Datastore.Browse)
• Host Configuration Storage (Host.Config.Storage)

vSphere 7.x
• Datastore Browse (Datastore.Browse)

The following are default permissions applied to all roles/privileges created by vCenters by default.


HPE Technical Support: cloudphysicssupport@hpe.com
Use this email address for technical issues with HPE CloudPhysics Observer, Account issues, and technical issues with the portal.