PowerProtect Data Manager 19.11 Virtual Machine User Guide

Specify the required privileges for a dedicated vCenter user account

You can use the vSphere Client to specify the required privileges for the dedicated vCenter user account, or you can use the PowerCLI, which is an interface for managing vSphere.

The following table includes the privileges required for this user.

NOTE For the privileges required when administering PowerProtect Data Manager in a cloud environment, see Specify the required privileges for a dedicated cloud-based vCenter user account. For the additional privileges required when using the Transparent Snapshot Data Mover (TSDM) protection mechanism for virtual machine crash-consistent data protection, see Additional privileges required for a dedicated vCenter user account to use Transparent Snapshot Data Mover.

Table 1. Minimum required vCenter user account privileges
Setting	vCenter 6.5 and later required privileges	PowerCLI equivalent required privileges
Alarms	Create alarm Modify alarm	$privileges = @( 'System.Anonymous', 'System.View', 'System.Read', 'Alarm.Create', 'Alarm.Edit', 'Cryptographer.AddDisk', 'Cryptographer.Access', 'Cryptographer.Migrate', 'Cryptographer.RegisterVM', 'Datastore.Rename', 'Datastore.Move', 'Datastore.Delete', 'Datastore.Browse', 'Datastore.DeleteFile', 'Datastore.FileManagement', 'Datastore.AllocateSpace', 'Datastore.Config', 'Extension.Register', 'Extension.Unregister', 'Extension.Update', 'Folder.Create', 'Global.ManageCustomFields', 'Global.SetCustomField', 'Global.LogEvent', 'Global.CancelTask', 'Global.Licenses', 'Global.Settings', 'Global.DisableMethods', 'Global.EnableMethods', 'Host.Config.Storage', 'InventoryService.Tagging.AttachTag', 'InventoryService.Tagging.ObjectAttachable', 'InventoryService.Tagging.CreateTag', 'InventoryService.Tagging.CreateCategory', 'Network.Config', 'Network.Assign', 'Resource.AssignVMToPool', 'Resource.HotMigrate', 'Resource.ColdMigrate', 'Sessions.ValidateSession', 'StorageProfile.Update', 'StorageProfile.View', 'Task.Create', 'Task.Update', 'VApp.ApplicationConfig', 'VApp.Export', 'VApp.Import', 'VirtualMachine.Config.Rename', 'VirtualMachine.Config.Annotation', 'VirtualMachine.Config.AddExistingDisk', 'VirtualMachine.Config.AddNewDisk', 'VirtualMachine.Config.RemoveDisk', 'VirtualMachine.Config.RawDevice', 'VirtualMachine.Config.HostUSBDevice', 'VirtualMachine.Config.CPUCount', 'VirtualMachine.Config.Memory', 'VirtualMachine.Config.AddRemoveDevice', 'VirtualMachine.Config.EditDevice', 'VirtualMachine.Config.Settings', 'VirtualMachine.Config.Resource', 'VirtualMachine.Config.UpgradeVirtualHardware', 'VirtualMachine.Config.ResetGuestInfo', 'VirtualMachine.Config.AdvancedConfig', 'VirtualMachine.Config.DiskLease', 'VirtualMachine.Config.SwapPlacement', 'VirtualMachine.Config.DiskExtend', 'VirtualMachine.Config.ChangeTracking', 'VirtualMachine.Config.ReloadFromPath', 'VirtualMachine.Config.ManagedBy', 'VirtualMachine.GuestOperations.Query', 'VirtualMachine.GuestOperations.Modify', 'VirtualMachine.GuestOperations.Execute', 'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Interact.Reset', 'VirtualMachine.Interact.ConsoleInteract', 'VirtualMachine.Interact.DeviceConnection', 'VirtualMachine.Interact.SetCDMedia', 'VirtualMachine.Interact.ToolsInstall', 'VirtualMachine.Interact.GuestControl', 'VirtualMachine.Inventory.Create', 'VirtualMachine.Inventory.Register', 'VirtualMachine.Inventory.Delete', 'VirtualMachine.Inventory.Unregister', 'VirtualMachine.Provisioning.DiskRandomAccess', 'VirtualMachine.Provisioning.DiskRandomRead', 'VirtualMachine.Provisioning.GetVmFiles', 'VirtualMachine.Provisioning.MarkAsTemplate', 'VirtualMachine.State.CreateSnapshot', 'VirtualMachine.State.RevertToSnapshot', 'VirtualMachine.State.RemoveSnapshot', ) New-VIRole -Name 'PowerProtect' -Privilege (Get-VIPrivilege -Id $privileges)
Cryptographic operations	Add disk Direct Access Migrate NOTE This privilege applies only to virtual machines enabled with Microsoft virtualization-based security (VBS) or Virtual Trusted Platform Module (vTPM). Register VM
Datastore	Allocate space Browse datastore Configure datastore Low level file operations Move datastore Remove datastore Remove file Rename datastore
Extension	Register extension Unregister extension Update extension
Folder	Create folder
Global	Cancel task Disable methods Enable methods Licenses Log event Manage custom attributes Set custom attribute Settings
Host	Configuration > Storage partition configuration
vSphere Tagging	Assign or Unassign vSphere Tag Assign or Unassign vSphere Tag on Object NOTE This only applies to vCenter 7.0 and later. Create vSphere Tag Create vSphere Tag Category
Network	Assign network Configure
Profile-driven storage (for SPBM policy restore)	Profile-driven storage update Profile-driven storage view
Resource	Assign virtual machine to resource pool Migrate powered off virtual machine Migrate powered on virtual machine
Sessions	Validate session
Tasks	Create task Update task
vApp	Export Import vApp application configuration
Virtual Machine
Change Configuration	Acquire disk lease Add existing disk Add new disk Add or remove device Advanced configuration Change CPU count Change Memory Change Settings Change Swapfile placement Change resource Configure Host USB device Configure Raw device Configure managedby Extend virtual disk Modify device settings Reload from path Remove disk Rename Reset guest information Set annotation Toggle disk change tracking Upgrade virtual machine compatibility
Edit Inventory	Create new Register Remove Unregister
Guest operations	Guest operation modifications Guest operation program execution Guest operation queries
Interaction	Configure CD media Connect devices Console interaction Guest operating system management by VIX API Install VMware Tools Power off Power on Reset
Provisioning	Allow disk access Allow read-only disk access Allow virtual machine download Mark as template
Snapshot Management	Create snapshot Remove snapshot Revert to snapshot

Welcome

Welcome to Dell

PowerProtect Data Manager 19.11 Virtual Machine User Guide

Specify the required privileges for a dedicated vCenter user account

Rate this content